Capabilities

cap_setuid

Allows a process to set its effective user ID, which can be used to gain the privileges of another user, including the root user.

cap_setgid

Allows a process to set its effective group ID, which can be used to gain the privileges of another group, including the root group.

cap_sys_admin

This capability provides a broad range of administrative privileges, including the ability to perform many actions reserved for the root user, such as modifying system settings and mounting and unmounting file systems.

cap_dac_override

Allows bypassing of file read, write, and execute permission checks.

Capability Values

Description

=

This value sets the specified capability on the executable but grants none of its flags, so it confers no privileges. This is useful when we want to clear a capability that was previously set on the executable.

+ep

This value grants the effective and permitted flags for the specified capability to the executable. The executable can perform the actions that the capability allows, and nothing beyond them.

+ei

This value grants the effective and inheritable flags for the specified capability to the executable. The executable can perform the actions that the capability allows, and child processes spawned by the executable inherit the capability and can perform the same actions.

+p

This value grants only the permitted flag for the specified capability to the executable. The executable can perform the actions that the capability allows, and nothing beyond them. This is useful when we want to grant the capability to the executable without letting child processes inherit it.

To find the capabilities set on binaries, we can use the find command:

find /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin -type f -exec getcap {} \;

Or run getcap on a particular binary:

getcap /usr/bin/vim.basic

/usr/bin/vim.basic = cap_dac_override+eip

So let's say vim has the capability cap_dac_override+eip. Since this capability bypasses file permission checks, we can use vim to read, write and modify any file. For example, in /etc/passwd we see root in the first line:

cat /etc/passwd | head -n1

root:x:0:0:root:/root:/bin/bash

Now, if we use vim to remove the "x" in the first line of this file, logging in as root no longer requires a password.

We can press "I" to enter insert mode in vim, then press ESC, type :wq! and press Enter to save.
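From the defender's side, the same find/getcap sweep shown above can be turned into an audit: the script below filters getcap output for the four capabilities listed at the top of this page and reports only entries whose flags include e (effective), since a +p or +i alone does not give the binary the privilege right away. This is an added example, not part of the original notes; the getcap lines in SAMPLE are constructed, and it accepts both the older "path = cap+flags" and the newer "path cap=flags" output styles.

```shell
# Added audit helper (not part of the original notes): filter getcap output for
# the capabilities this page lists as root-equivalent when they are effective.
# The sample getcap lines below are constructed, not taken from a real host.
RISKY='cap_setuid cap_setgid cap_sys_admin cap_dac_override'

# flag_risky reads getcap output on stdin and prints "path capability flags"
# for every risky capability whose flag set contains e (effective).
# Accepts both "/path = cap_x+eip" (older getcap) and "/path cap_x=eip" (newer).
flag_risky() {
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        case "$line" in
            *' = '*) path=${line%% = *}; caps=${line#* = } ;;
            *)       path=${line%% *};   caps=${line#* }   ;;
        esac
        for group in $caps; do   # space-separated groups, e.g. cap_a,cap_b+eip
            case "$group" in
                *+*) names=${group%+*}; flags=${group##*+} ;;
                *=*) names=${group%=*}; flags=${group##*=} ;;
                *)   continue ;;
            esac
            case "$flags" in *e*) ;; *) continue ;; esac   # +i or +p alone: skip
            old_ifs=$IFS; IFS=,
            for name in $names; do
                case " $RISKY " in
                    *" $name "*) printf '%s %s %s\n' "$path" "$name" "$flags" ;;
                esac
            done
            IFS=$old_ifs
        done
    done
}

# audit_caps runs the page's find/getcap sweep through the filter (needs getcap).
audit_caps() {
    find /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin -type f \
        -exec getcap {} \; 2>/dev/null | flag_risky
}

# Constructed sample output; vim.basic mirrors the page, backup has only +i.
SAMPLE='/usr/bin/vim.basic = cap_dac_override+eip
/usr/bin/ping cap_net_raw=ep
/usr/local/bin/helper cap_setuid,cap_setgid+ep
/usr/bin/backup = cap_dac_override+i
/usr/sbin/mounter cap_sys_admin=eip'

# check_sample returns the flagged lines for the constructed sample.
check_sample() { printf '%s\n' "$SAMPLE" | flag_risky; }
check_sample
```

On a real host, run audit_caps instead of check_sample; any line it prints is a binary worth reviewing with setcap -r or a tighter flag set.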
