GIAC Foundational Cybersecurity Technologies Practice Test

Question: 1 / 400

What file attribute is the penetration tester looking to find using the command below?

`find / -perm -4000 -user root -type f -print 2>/dev/null`

SUID set

The command searches the whole filesystem (`/`) for regular files (`-type f`) owned by root (`-user root`) and discards error messages (`2>/dev/null`). The key test is `-perm -4000`, which matches files that have the "Set User ID" (SUID) permission set.

When a file has the SUID attribute set, it allows users to execute the file with the permissions of the file's owner—which in this case is specified as "root." This is particularly important in penetration testing, as SUID files can pose security risks if not properly monitored or controlled, potentially allowing unauthorized users to gain elevated privileges.

In the context of penetration testing, finding SUID files helps identify possible vulnerabilities that could be exploited to gain unauthorized access or to escalate privileges. Thus, identifying files with the SUID bit set is crucial for assessing the security posture of a system.
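On the defensive side, the same `find` test can drive a recurring audit. The following is an added example, not part of the original practice test: it reports SUID files that are missing from an approved list. The function names, the allowlist format (one absolute path per line) and the constructed sample tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit SUID files under a directory against an allowlist.
# suid_audit, make_sample_tree and the allowlist format are hypothetical names
# and conventions chosen for this illustration.

# suid_audit ROOT ALLOWLIST [OWNER]
# Prints each regular file under ROOT that is owned by OWNER (default: root),
# has the SUID bit set and is not listed in ALLOWLIST.
# Returns 0 when nothing unexpected is found, 1 otherwise.
suid_audit() {
    root=$1
    allow=$2
    owner=${3:-root}
    # "-perm -4000": the leading "-" means "at least these bits are set", so
    # modes 4755 and 6755 both match. "-xdev" keeps find on one filesystem.
    # grep -Fxv drops every path that appears verbatim in the allowlist;
    # "|| true" absorbs grep's exit status 1 when no lines remain.
    unexpected=$(find "$root" -xdev -perm -4000 -user "$owner" -type f -print \
        2>/dev/null | sort | grep -Fxv -f "$allow" || true)
    if [ -z "$unexpected" ]; then
        return 0
    fi
    printf '%s\n' "$unexpected"
    return 1
}

# make_sample_tree
# Builds a constructed test tree in a temporary directory and prints its path.
# Only "approved" is placed on the allowlist.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/approved"; chmod 4755 "$d/approved"  # SUID, allowlisted
    : > "$d/rogue";    chmod 4755 "$d/rogue"     # SUID, not allowlisted
    : > "$d/both";     chmod 6755 "$d/both"      # SUID and SGID together
    : > "$d/sgid";     chmod 2755 "$d/sgid"      # SGID only: must not match
    : > "$d/plain";    chmod 0755 "$d/plain"     # no special bits
    printf '%s\n' "$d/approved" > "$d/allowlist"
    printf '%s\n' "$d"
}

# Example use on a real host (run as root so find can read every directory):
#   suid_audit / /etc/suid-allowlist.txt || echo "unexpected SUID files found"
```

The allowlist path in the usage comment is a placeholder; the sample tree uses the current user as owner because creating root-owned files requires root.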

The other attributes mentioned do not correspond to the characteristics being searched for in this command:

- The SGID (Set Group ID) allows files to run with the permissions of the group that owns the file, which is not indicated by the `-4000` permission.

- A world writable file allows any user to write to the file, denoted by `-222`, which

SGID set

World writable

Sticky bit set
