Capabilities

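This is similar to SUID. Processes are either privileged (running as UID 0) or non-privileged (running as any UID other than 0). Processes running as 0 pass permission checks, while the others can't. Capabilities break root's privileges into smaller units that can be granted to a binary individually. Capabilities are more secure than SUID but can still be vulnerable.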

Hunting capabilities

cap_setuid+ep means the binary has the CAP_SETUID capability with the effective (e) and permitted (p) flags set, so it can change its UID to anything, including 0.

All we have to do is run the binary and make it do something that will turn us into root

Python example

Other useful tools are tar (read files) and perl (reverse shell).
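From the defender's side, the same hunt is an audit of file capabilities. The script below is an added example, not code from the original page. It parses getcap output in both the older "path = caps+flags" and newer "path caps=flags" layouts and reports binaries that hold a risky capability with the effective and permitted flags set. The sample input is constructed, and the watchlist beyond cap_setuid is an assumption.

```python
import re

# cap_setuid is the capability this page discusses; the rest is an assumed
# watchlist of capabilities that bypass identity or file permission checks.
RISKY_CAPS = {"cap_setuid", "cap_setgid", "cap_dac_override",
              "cap_dac_read_search", "cap_sys_admin"}

# Constructed sample of recursive getcap output (not from a real host).
# Older libcap prints "path = caps+flags", newer prints "path caps=flags".
SAMPLE = """\
/usr/bin/python3.8 = cap_setuid+ep
/usr/bin/ping cap_net_raw=ep
/usr/bin/tar cap_dac_read_search=ep
/usr/bin/perl = cap_setuid,cap_net_bind_service+eip
/opt/agent/collector cap_net_admin=p
"""

# path, optional " =" separator, comma-separated capability names, flag letters
LINE = re.compile(
    r"^(?P<path>/.*?)(?: =)? (?P<caps>[a-z0-9_,]+)[+=](?P<flags>[eip]+)$"
)


def audit(getcap_output):
    """Return (path, risky_caps, flags) for entries that take effect on exec."""
    findings = []
    for line in getcap_output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped, not guessed at
        caps = set(m["caps"].split(","))
        flags = m["flags"]
        risky = sorted(caps & RISKY_CAPS)
        # 'e' (effective) together with 'p' (permitted) means the capability
        # is active as soon as the binary runs, without the program asking.
        if risky and "e" in flags and "p" in flags:
            findings.append((m["path"], risky, flags))
    return findings


if __name__ == "__main__":
    for path, caps, flags in audit(SAMPLE):
        print(f"REVIEW {path}: {','.join(caps)} [{flags}]")
```

Feed it the output of getcap -r / 2>/dev/null from the host being audited. A capability that a binary does not need can be removed with setcap -r <path>.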
