# 9. CAP\_SETUID Capabilities Executable

### Introduction

Capabilities are those permissions that divide the privileges of kernel user or kernel level programs into small pieces so that a process can be allowed sufficient power to perform specific privileged tasks.

***

### Capabilities vs SUID

SUID for a binary means that the binary is instrumented to become a different effective user when started.

**CAP\_SETUID** is a Linux capability to permit a process to change UID from code: it can give the code permission to execute the `setuid()` system call. This is considered a privilege over what normal user code can do.

***

### Find files with capabilities

```bash
getcap -r / 2>/dev/null
```

We have to take a note of `CAP_SETUID` capability and search **GTFOBins** to see if there exists any matching program which can be used for priv escalation

***