= Level00 =

This level requires you to find a Set User ID program that will run as the "flag00" account. You could also find this by carefully looking in top level directories in / for suspicious looking directories. Alternatively, look at the find man page.

To access this level, log in as level00 with the password of level00.

= Solution =

We need to find a file that is setuid. 

{{{# find / -user flag00 -perm -4000 -exec ls -ldb {} \; >/tmp/results}}}

This needs a bit of explanation:

 1. We start the search in "/", the root directory.
 1. We filter for files owned by the user "flag00".
 1. We filter on the permission mode "-4000". The leading "-" means that all of the permission bits in the mode must be set (see man find). In this case -4000 means that the setuid bit must be set and all others are optional (i.e. we don't care how the u-user, g-group, o-other permissions are set).
 1. For each match we execute ls -ldb, where {} is a placeholder for the file path being matched. \; tells find that it has reached the end of the arguments for the command being executed. See the "-exec command ;" section of man find.
 1. Finally, the results are saved to the file /tmp/results.

Of course, once you find the file, just execute it and you are done!
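
The -perm matching rules from step 3, shown on a scratch directory. This is an added example, not part of the original walkthrough; the file names and the helper functions make_fixture, match_perm and audit_suid are made up for illustration.

```sh
#!/bin/sh
# Added example: a constructed fixture, not files from the level00 system.

# Create a scratch tree of empty files with known modes (names are made up).
make_fixture() {
    dir=$(mktemp -d) || return 1
    for spec in 4755:suid_world 4700:suid_owner 4000:suid_only 0755:plain; do
        mode=${spec%%:*}
        name=${spec#*:}
        : > "$dir/$name" && chmod "$mode" "$dir/$name" || return 1
    done
    printf '%s\n' "$dir"
}

# Print the sorted basenames under $1 that match the -perm expression $2.
match_perm() {
    find "$1" -type f -perm "$2" -exec basename {} \; |
        LC_ALL=C sort | paste -sd ' ' -
}

# The page's search without the owner filter: every setuid file on one
# filesystem, with unreadable-directory errors discarded.
audit_suid() {
    find "$1" -xdev -type f -perm -4000 -exec ls -ldb {} \; 2>/dev/null
}

fixture=$(make_fixture) || exit 1
# -4000 : setuid bit set, all other bits ignored (the page's filter)
#  4000 : mode is exactly 4000, nothing else set
# -4001 : setuid bit AND execute-for-others both set
for expr in -4000 4000 -4001; do
    printf '%-6s -> %s\n' "$expr" "$(match_perm "$fixture" "$expr")"
done
audit_suid "$fixture"
rm -rf "$fixture"
```

Without the leading "-", find matches the mode exactly, so "-perm 4000" would miss an ordinary setuid binary with mode 4755.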