9. CAP_SETUID Capabilities Executable

Introduction

Capabilities are permissions that divide the privileges of the root user or kernel-level programs into small pieces, so that a process can be granted just enough power to perform specific privileged tasks.


Capabilities vs SUID

SUID on a binary means that the binary is set up to run as a different effective user when started.

CAP_SETUID is a Linux capability that permits a process to change its UID from code: it gives the code permission to use the setuid() system call to switch to another UID. This is a privilege beyond what normal user code has.


Find files with capabilities

getcap -r / 2>/dev/null

Take note of any binary that holds the CAP_SETUID capability, then search GTFOBins to see whether a matching program exists that can be used for privilege escalation.
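An added example (not from the original page) for reviewing the `getcap` output above from the defender's side: a shell function that lists the files granted CAP_SETUID in their effective or permitted set, accepting both the older `path = caps+ep` and the newer `path caps=ep` output styles. The function names and sample paths are constructed, and it assumes each line carries a single capability clause.

```shell
#!/bin/sh
# Added example: flag files whose capability set includes cap_setuid.
# Assumption: one capability clause per getcap line (the common case).

# Constructed sample of `getcap -r /` output, mixing both output styles.
sample_getcap_output() {
    cat <<'EOF'
/usr/bin/ping cap_net_raw=ep
/opt/example/tool-a cap_setuid=ep
/opt/example dir/tool-b = cap_setgid,cap_setuid+ep
/opt/example/tool-c cap_setuid=i
/opt/example/tool-d =ep
EOF
}

# Reads getcap output on stdin, prints the path of every file that has
# cap_setuid (or all capabilities) in its effective or permitted set.
flag_setuid_caps() {
    awk '
    {
        clause = $NF                    # e.g. cap_setuid=ep or cap_a,cap_b+ep
        path = $0
        sub(/ +[^ ]+$/, "", path)       # strip the capability clause
        sub(/ +=$/, "", path)           # strip the old-style " =" separator

        pos = match(clause, /[=+]/)     # split "caps" from "flags"
        if (pos == 0) next              # not a capability line
        caps  = substr(clause, 1, pos - 1)
        flags = substr(clause, pos + 1)

        if (flags !~ /[ep]/) next       # inheritable-only grants are skipped
        if (caps == "") { print path; next }   # "=ep" means every capability

        n = split(caps, list, ",")
        for (i = 1; i <= n; i++)
            if (list[i] == "cap_setuid") { print path; break }
    }'
}

# Stand-alone run on the constructed sample. On a live host, feed it with:
#   getcap -r / 2>/dev/null | flag_setuid_caps
sample_getcap_output | flag_setuid_caps
```

Any path it reports that is not an expected, package-managed grant can have its file capabilities cleared with `setcap -r <file>`.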

