Capabilities grant processes or binaries certain privileges that would otherwise be restricted.

Capability Sets

Capability	Description
cap_setuid	Allows a process to set its effective user ID, which can be used to gain the privileges of another user, including the root user.
cap_setgid	Allows toset its effective group ID , which can be used to gain the privileges of another group, including the root group.
cap_sys_admin	This capability provides a broad range of administrative privileges, including the ability to perform many actions reserved for the root user, such as modifying system settings and mounting and unmounting file systems.
cap_dac_override	Allows bypassing of file read, write, and execute permission checks.
=ep	The binary has ALL capabilities permitted and effective from the start.

# getcap /usr/bin/ping
/usr/bin/ping cap_net_raw=ep

Enumerating Capabilities

Option 1:
  getcap -r / 2>/dev/null

Option 2 (does not include snap results):
  find /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin -type f -exec getcap {} \;

Depending on the capability and binary, it might have an entry in GTFOBins. If there is no entry, it might not be a common binary but still has potential to elevate privileges.

References

https://unix.stackexchange.com/questions/515881/what-does-the-ep-capability-mean

Introduction

Info Gathering

Exploitation

Linux Capabilities

Capability Sets

Enumerating Capabilities

References

Introduction

Info Gathering

Exploitation

​Capability Sets

​Enumerating Capabilities

​References

Capability Sets

Enumerating Capabilities

References