Level Goal
To gain access to the next level, you should use the setuid binary in the homedirectory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass), after you have used the setuid binary.

So there is a binary where the uid is different? The uid is the user which as the program will run as (I think). Lets see which file this might be. ls -la. There is a file called bandit20-do. Lets run this file to see how we can use this ./bandit20-do

Run a command as another user.
Example: ./bandit20-do id

Okay lets see how we can use this. We know password files are saved in /etc/bandit_pass/banditxx. Lets try to cat the password of bandit20.
./bandit20-do cat /etc/bandit_pass/bandit20

It returns us the password. Yeah it worked!

Leave a Reply

Your email address will not be published. Required fields are marked *