Level Goal


to gain access to the next level, you should use the setuid binary in the homedirectory. execute it without arguments to find out how to use it. the password for this level can be found in the usual place (/etc/bandit_pass), after you have used the setuid binary.

Solution


setuid in the unix world is a permission bit which, when applied to an executable, gives the user who executes it the same privileges as the executable’s owner. in unix terms, when a process is created from this executable its effective user id is set to the id of the executable’s owner.
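the rule described above, as an added example that is not part of the original writeup: a small C model of which effective user id a process ends up with after executing a file. the function names `euid_for` and `euid_after_exec` are hypothetical, and the model is simplified (it ignores nosuid mounts and interpreter scripts, where the kernel does not honour the bit).

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Simplified model of the exec rule: a regular file with the setuid bit
 * runs with its owner's uid as effective uid; anything else keeps the
 * caller's effective uid. (Hypothetical helper, not a system API.) */
uid_t euid_for(mode_t mode, uid_t owner, uid_t caller_euid) {
    if (S_ISREG(mode) && (mode & S_ISUID))
        return owner;
    return caller_euid;
}

/* Applies the model to a file on disk.
 * Returns 0 and stores the result in *out, or -1 if stat() fails. */
int euid_after_exec(const char *path, uid_t caller_euid, uid_t *out) {
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    *out = euid_for(st.st_mode, st.st_uid, caller_euid);
    return 0;
}

int main(int argc, char **argv) {
    uid_t after;
    if (argc != 2) {
        fprintf(stderr, "usage: %s <executable>\n", argv[0]);
        return 2;
    }
    if (euid_after_exec(argv[1], geteuid(), &after) != 0) {
        perror("stat");
        return 1;
    }
    /* The real uid never changes on exec; only the effective uid does. */
    printf("real uid: %ld\n", (long)getuid());
    printf("effective uid now: %ld\n", (long)geteuid());
    printf("effective uid after exec of %s: %ld\n", argv[1], (long)after);
    return 0;
}
```

run against a setuid file, the last line shows the owner’s uid instead of your own, which is the same difference `id` reports as `euid` when it is started from such a process.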

as stated in the level description, we will find out how to use this setuid executable if we execute it with no arguments.


so this setuid executable will take another executable as its first argument and execute it.

the child process will get the effective user id of its parent, which, as explained earlier, is equal to the id of the executable’s owner.

now we can use cat(1) to read the contents of the file /etc/bandit_pass/bandit20, get the next level’s password, and we are done.
