This part is about playing with the SUID and SGID bits shown in the 'ls -l' details for files.
says: When a command or script with SUID bit set is run, its effective UID becomes that of the owner of the file, rather than of the user who is running it.
SUID Bit: User executes the file with the permissions of the file owner
SGID Bit: User executes the file with the permissions of the group owner
To search a system for these types of files, run the following:
    find / -perm -u=s -type f 2>/dev/null
*create a shell call for curl in a file in /tmp
*this works because /usr/bin/menu is run as root
*curl is found in the menu file
*write the /tmp path into PATH
*execute the menu file
*pick option 1 and run the modified curl, aka /bin/sh
*check with id that we are root
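The same find search, used from the defender's side, as an added example that is not part of the original notes or the tryhackme.com material: it lists SUID and SGID files against a baseline and flags PATH entries where another local user could plant a command. The function names and the one-path-per-line baseline format are assumptions.

```sh
#!/bin/sh
# Added example, not from the original notes: two defensive audit helpers.

# list_setid ROOT [BASELINE]
# Print "mode owner path" for each SUID or SGID regular file under ROOT.
# BASELINE (assumed format: one known-good path per line) suppresses
# expected entries so that only new ones are reported.
list_setid() {
    root=$1; baseline=${2:-}
    find "$root" -type f \( -perm -u=s -o -perm -g=s \) 2>/dev/null |
    while IFS= read -r f; do
        if [ -n "$baseline" ] && grep -Fxq -- "$f" "$baseline"; then
            continue
        fi
        ls -ld -- "$f" | awk -v p="$f" '{ print $1, $3, p }'
    done
}

# unsafe_path_entries PATHSTRING
# Print every PATH entry that is searched before or instead of the system
# directories and that other users can influence: empty or relative
# entries (resolved against the current directory) and directories that
# are writable by group or others. A sticky bit, as on /tmp, does not
# help: anyone can still create a new file there.
unsafe_path_entries() {
    rest=$1:
    while [ -n "$rest" ]; do
        d=${rest%%:*}; rest=${rest#*:}
        case $d in
            "") echo "empty entry (current directory)" ;;
            /*) mode=$(ls -ldL -- "$d" 2>/dev/null) || continue
                case $mode in
                    d????w*|d???????w*) echo "writable by group/others: $d" ;;
                esac ;;
            *)  echo "relative entry: $d" ;;
        esac
    done
}
```

Run as list_setid / baseline.txt and unsafe_path_entries "$PATH". A root-owned SUID program that calls a helper by bare name should call it by absolute path instead, so PATH is never consulted.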
writing shell scripts:
*This is part of tryhackme.com, so the introduction and manual are their content. The execution and guide-through are mine.