Introduction: In our previous blog post, we explored how to use the getcap command in Linux to identify binaries with dangerous capabilities that could potentially be exploited for privilege escalation. In this follow-up post, we will delve into leveraging the power of GTFOBins (Get The F**k Out Binary) to escalate privileges using these identified binaries. GTFOBins provides a curated list of Unix binaries and their abuse potential, opening up avenues for privesc.
Introduction: Privilege escalation is a critical concern in Linux system security. One common avenue for achieving privilege escalation is through exploitable binaries. In this blog post, we will explore how to utilise the getcap command in Linux to identify binaries that possess dangerous capabilities, providing potential opportunities for privesc. What is getcap? The getcap command is used to retrieve the file capabilities of binaries in Linux systems. File capabilities are a feature introduced to enhance security by providing specific permissions to execute certain operations without requiring full root privileges.