Capabilities
System administrators can use capabilities to increase the privilege level of a process or binary. Capabilities help manage privileges at a more granular level. For example, a SOC analyst may need a tool that initiates socket connections, which a regular user would not be able to do. If the system administrator does not want to give this user higher privileges, they can change the capabilities of the binary instead. As a result, the binary can complete its task without needing a higher-privileged user.
Enumeration
We are going to exploit a capability to escalate our privileges to root. Let’s check which capabilities are enabled.
As you can see, /home/karen/vim has capabilities enabled. Let’s check GTFOBins to see if there is a way to exploit it.
Well, we got it. We will follow the given procedure to exploit it and escalate to root.
Exploitation
We will execute this payload on our target machine, which, if successful, will allow us to escalate to root:
./vim -c ':py3 import os; os.setuid(0); os.execl("/bin/sh", "sh", "-c", "reset; exec sh")'
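From the defender's side, the same enumeration works as an audit: the sketch below is an added example, not part of the original write-up, that parses saved getcap output in both the older "path = cap+ep" and newer "path cap=ep" layouts and flags shell-capable binaries holding identity-changing capabilities. The sample lines, the capability shown on /home/karen/vim, and both watch lists are constructed assumptions.

```python
import os
import re

# Capabilities that change identity or bypass file permission checks (assumed watch list).
HIGH_RISK = {"cap_setuid", "cap_setgid", "cap_dac_override", "cap_dac_read_search",
             "cap_sys_admin", "cap_sys_ptrace", "cap_sys_module", "cap_setfcap"}
# Binaries that can run arbitrary code or spawn a shell (illustrative, not exhaustive).
SHELL_CAPABLE = {"vim", "vi", "view", "python", "perl", "ruby", "php", "node", "gdb", "tar"}
# One clause of capability text, e.g. "cap_setuid+ep" or "cap_a,cap_b=eip".
CLAUSE = re.compile(r"^([a-z0-9_,]*)[=+]([eip]+)$")

def parse_getcap_line(line):
    """Return (path, {capability: flags}) for one line of getcap output."""
    tokens = line.split()
    caps = {}
    # Capability clauses sit at the end of the line; peel them off right to left.
    while tokens and (m := CLAUSE.match(tokens[-1])):
        tokens.pop()
        for name in (m.group(1) or "all").split(","):
            caps[name] = m.group(2)
    if tokens and tokens[-1] == "=":  # older libcap prints "path = caps"
        tokens.pop()
    return " ".join(tokens), caps

def audit(getcap_output):
    """Return sorted (severity, path, risky_caps) for binaries that need attention."""
    findings = []
    for line in getcap_output.splitlines():
        path, caps = parse_getcap_line(line)
        risky = sorted(c for c, flags in caps.items()
                       if "p" in flags and (c in HIGH_RISK or c == "all"))
        if not risky:
            continue
        # Strip version suffixes so "python3.8" is matched as "python".
        base = re.sub(r"[\d.]+$", "", os.path.basename(path))
        severity = "critical" if base in SHELL_CAPABLE else "review"
        findings.append((severity, path, risky))
    return sorted(findings)

# Constructed sample output mixing both getcap layouts.
SAMPLE = """\
/usr/bin/ping = cap_net_raw+ep
/home/karen/vim = cap_setuid+ep
/usr/bin/python3.8 cap_setuid,cap_net_bind_service=eip
/opt/backup/agent cap_dac_read_search=ep
"""

if __name__ == "__main__":
    for severity, path, caps in audit(SAMPLE):
        print(f"{severity:8} {path}  {','.join(caps)}")
```

A binary reported as critical can have its file capabilities cleared with setcap -r followed by its path.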