[ Pen Testing ] :: Step by Step :: Exploiting SETUID

Setting the user ID on an executable means it runs under that user’s permissions, not the perms of the user that runs the executable. It’s highly useful in system admin, but it’s wildly dangerous too, because every SETUID file is a vector for hacking.

John Hammond (on YouTube) give an excellent example in the context of CTF on TryHackMe: