Uncommon setuid binaries

[0xsan-z]

Hi diego,

Their seems to be a problem in "Uncommon setuid binaries" check if the uncommon suid binary names matches to that of in ${lse_common_setuid} e.g. ┌──(kali㉿kali)-[/tmp] └─$ cat test.sh

!/bin/sh

setuidbin=sys for cs in ping ping6; do setuidbin=printf "$setuidbin\n" | grep -Ev "$cs"; done; printf "$setuidbin\n"

┌──(kali㉿kali)-[/tmp] └─$ ./test.sh sys <=========================== OK

= = = = ┌──(kali㉿kali)-[/tmp] └─$ cat test.sh

!/bin/sh

setuidbin=pingsys for cs in ping ping6; do setuidbin=printf "$setuidbin\n" | grep -Ev "$cs"; done; printf "$setuidbin\n"

┌──(kali㉿kali)-[/tmp] └─$ ./test.sh
<=========================== NOT OK, was expecting pingsys

Was doing a room on THM where we have to do privesc using an uncommon suid binary named "pingsys" and to my surprise it was not picked up by lse in Uncommon setuid binaries.

Please have a look.

[diego-treitos]

Thanks a lot for reporting this @0xsan-z . Indeed that is a poor check. It should be fixed on version 2.8 that I've just released.