Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-15 01:17:36 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] one page modified

Browse source
This commit is contained in:
CPol 2021-01-08 12:40:16 +00:00 committed by gitbook-bot
parent 78490f47a0
commit ad7258e87c
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 29 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
linux-unix/privilege-escalation/linux-capabilities.md
View file

@ -1150,6 +1150,35 @@ pgid = os.getpgid(341)
os.killpg(pgid, signal.SIGKILL)
```
### CAP\_NET\_BIND\_SERVICE
**This means that it's possible to listen in any port \(even in privileged ones\).** You cannot escalate privileges directly with this capability.
#### Example with binary
If **`python`** has this capability it will be able to listen on any port and even connect from it to any other port \(some services require connections from specific privileges ports\)
{% tabs %}
{% tab title="Listen" %}
```python
import socket
s=socket.socket()
s.bind(('0.0.0.0', 80))
s.listen(1)
conn, addr = s.accept()
```
{% endtab %}
{% tab title="Connect" %}
```python
import socket
s=socket.socket()
s.bind(('0.0.0.0',500))
s.connect(('10.10.10.10',500))
```
{% endtab %}
{% endtabs %}
## References
* [https://vulp3cula.gitbook.io/hackers-grimoire/post-exploitation/privesc-linux](https://vulp3cula.gitbook.io/hackers-grimoire/post-exploitation/privesc-linux)