Capabilities

  • Capabilities are somewhat similar to the SUID bit

  • Capabilities provide a subset of root privileges to a process or binary

  • To look for them, use: getcap -r / 2>/dev/null

  • Find the binary and check it on GTFOBins (https://gtfobins.github.io/#+capabilities), which has a Capabilities function for binaries; try those out, any of them will work!

  • In the example they provided a capability for vim, and I used ./vim -c ':py3 import os; os.setuid(0); os.execl("/bin/sh", "sh", "-c", "reset; exec sh")', which is provided on the website itself, and I got root!

  • Remember that this process is hit and trial; if it doesn't work, move on!
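
The same getcap -r / output can be audited from the defender's side. The following is an added example, not part of the original notes: it parses getcap output in both the older "path = caps" and newer "path caps" layouts and lists files whose permitted set holds a root-equivalent capability. The HIGH_RISK set, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Capabilities treated as root-equivalent here (an assumption of this example;
# extend or trim the set for your environment).
HIGH_RISK = {"cap_setuid", "cap_setgid", "cap_dac_override", "cap_dac_read_search",
             "cap_sys_admin", "cap_sys_ptrace", "cap_sys_module", "cap_chown",
             "cap_fowner"}

# One clause: cap_setuid+ep, cap_a,cap_b=eip, or =ep (no names = all capabilities).
CLAUSE = re.compile(r"^([a-z0-9_,]*)[=+]([eip]+)$")

def parse_getcap_line(line):
    """Return (path, {capability: flags}) for one getcap line, or None."""
    tokens = line.rstrip("\n").split(" ")
    caps = {}
    # Read clauses from the right so that paths containing spaces stay intact.
    while len(tokens) > 1:
        m = CLAUSE.match(tokens[-1])
        if m:
            names = m.group(1).split(",") if m.group(1) else ["ALL"]
            for name in names:
                caps[name] = m.group(2)
        elif tokens[-1] != "=":  # a bare "=" is the separator older libcap prints
            break
        tokens.pop()
    return (" ".join(tokens), caps) if caps else None

def risky_files(getcap_output):
    """List (path, [capabilities]) where a high-risk capability is permitted."""
    findings = []
    for line in getcap_output.splitlines():
        parsed = parse_getcap_line(line)
        if not parsed:
            continue
        path, caps = parsed
        # 'p' places the capability in the process's permitted set at exec time.
        hits = sorted(n for n, flags in caps.items()
                      if "p" in flags and (n == "ALL" or n in HIGH_RISK))
        if hits:
            findings.append((path, hits))
    return findings

# Constructed sample of `getcap -r / 2>/dev/null` output (both layouts mixed).
SAMPLE = """\
/usr/bin/ping cap_net_raw=ep
/home/user/vim = cap_setuid+ep
/opt/my tools/python3 cap_net_bind_service,cap_setuid=eip
/usr/local/bin/backup =ep
/usr/bin/helper cap_setgid=i
"""

if __name__ == "__main__":
    for path, hits in risky_files(SAMPLE):
        print(f"{path}: {', '.join(hits)} (review; clear with: setcap -r '{path}')")
```

Editors and interpreters such as vim or python rarely need file capabilities, so a hit on one of them is usually a misconfiguration to remove rather than tune.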
