Archived

A program to escalate to root privileges with many different capabilities

c capabilities cmake cpp linux linux-capabilities privilege-escalation

This repository has been archived on 2026-05-18. You can view files and clone it, but you cannot make any changes to its state, such as pushing and creating new issues, pull requests or comments.

C++ 69.6%
C 26%
CMake 4.4%

Find a file

Jacob 47f03506b4 Update README.md		2026-05-19 03:41:06 +00:00
.idea	Initial	2024-10-17 09:23:11 -04:00
libsrc	Initial	2024-10-17 09:23:11 -04:00
rootersrc	Initial	2024-10-17 09:23:11 -04:00
src	Initial	2024-10-17 09:23:11 -04:00
.gitignore	Initial	2024-10-17 09:23:11 -04:00
CMakeLists.txt	Initial	2024-10-17 09:23:11 -04:00
LICENSE	Initial commit	2024-10-16 21:34:23 -04:00
README.md	Update README.md	2026-05-19 03:41:06 +00:00

README.md

Superseeded

This program has been superseeded by a re-written version available here

capscalate

A program to escalate to root privileges with many different capabilities

Disclaimer

A few of these "exploits" cat cause temporary or permanat damage to a system if the "exploit" fails. Always have a root shell open while running these so you can fix any issues.

What can they do?

The exploit for CAP_SYS_ADMIN can temporarily render your system unusable until a reboot as it overwrites /usr/lib/libpam with a bind mount. If everything goes successfully, A reboot will not be required.
The exploit for CAP_CHOWN could render your system with a corrupted /etc/shadow. Make sure to back it up before running.

How do I use these?

Clone the repo: git clone https://github.com/Jacoblightning/capscalate && cd capscalate'

1.5. At this point in development, there is no autodetect functionality. You will have to edit main.cpp to run the one you want.

Build capscalate: mkdir build && cd build && cmake .. && cmake --build .
Add the capability you want to exploit: sudo setcap <capability>+ep capscalate
Run capscalate: ./capscalate
Reap the benefits of a root shell.