NCAE Mapping Hub
Overview Scoreboard Data Roles Exercised Checklists Lessons Skill Drills Practice Terminal Progress
performance hard Apply enum-setuid 2 points

Question 10. CSCD240-E1-B

Locate every setuid-root file on the filesystem; suppress permission-denied noise.

Work the drill

Answer on paper or in a terminal before revealing the ideal answer.

Ideal answer
find / -type f -perm -4000 -user root 2>/dev/null
Acceptable alternatives: ["find / -perm -4000 2>/dev/null", "find / -type f -perm /4000 -user root 2>/dev/null"]

Misconception bank

Each row below is a plausible wrong answer, the thinking that produces it, and the remedy that corrects the misconception. These are the foundation of the multiple-choice framing and the targeted feedback a student receives after answering.

find / -perm 4000
Misconception. -perm 4000 requires EXACT mode; -perm -4000 means "at least this bit set".
Remedy. Distinguish -perm MODE (exact) vs -perm -MODE (all set) vs -perm /MODE (any set).
ls -l /usr/bin | grep rws
Misconception. Only searches one dir, not entire filesystem.
Remedy. Teach find for filesystem-wide searches.

Authority mappings

Hover any chip for the mapping justification; click to open the authority record.

DCWF roles: CE-121 Exploitation Analyst
DCWF tasks: T0250
KU outcomes: CO-M10-O1CO-O5-O2

Course-artifact links

Lectures

  • CSCD240-S26-L08. Pipes, filters, grep, sort, uniq, wc, tar

Lab questions

  • CSCD240-S26-LAB3: What happens if you remove x from a directory? Test and explain.

CTF challenges

  • 02 Permissions: The Full Dossier