I'm participating in a capture-the-flag contest where I must implement some form of privilege escalation to read the flag.txt
file. I've noticed that when I run whoami
I get the following result:
myHostHere:/$ whoami
nobody
But when I run id
my UID is set to root
:
myHostHere:/$ id
uid=0(root) gid=65534(nobody) euid=65534(nobody)
Does this mean it's possible for me to act as a root user, etc or am I misinterpreting the output?
Edit:
The output of ls -l flag.txt
is as follows:
-r--r----- 1 root root 34 Feb 10 12:00 flag.txt
ls -l $(which whoami)
, maybe it has setuid bit enabled. Or maybe your shell does.sh
norwhoami
have the setuid bit enabled (I also did afind / -perm /2000
previously which returned nothing).ls -l flag.txt
.