capabilities-abuse

Enumerate capabilities

find /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin -type f -exec getcap {} \;

---

In linux, setcap is used to set capabilities

sudo setcap cap_net_bind_service=+ep /usr/bin/vim.basic

Understand in depth:

• https://man7.org/linux/man-pages/man7/capabilities.7.html

• https://academy.hackthebox.com/module/51/section/1844

Capability value	Description
=	This value sets the specified capability for the executable, but does not grant any privilege. It is useful to clear any previously set capability for the executable.
+ep
+ei
+p

Privilege Escalation Capabilities

Capability	Description
cap_setuid	Allows a process to set its effective user ID, which can be used to gain the privileges of another user, including the root user.
cap_setgid	Allows to set its effective group ID, which can be used to gain the privileges of another group, including the root group.
cap_sys_admin	This capability provides a broad range of administrative privileges, including the ability to perform many actions reserved for the root user, such as modifying system settings and mounting and unmounting file systems.
cap_dac_override	Allows bypassing of file read, write, and execute permission checks.
cap_chown
cap_dac_read_search
cap_net_raw
cap_sys_ptrace
cap_sys_module
cap_former
cap_setfcap