Capabilities
hatter@wonderland:/home/hatter$ getcap -r / 2>/dev/null
/usr/bin/perl5.26.1 = cap_setuid+ep
/usr/bin/mtr-packet = cap_net_raw+ep
/usr/bin/perl = cap_setuid+ep
In the earlier stage, PEAS discovered that the perl binary has the capability to set its UID (cap_setuid).
hatter@wonderland:/home/hatter$ ll /usr/bin/perl /usr/bin/perl5.26.1
-rwxr-xr-- 2 root hatter 2097720 Nov 19 2018 /usr/bin/perl*
-rwxr-xr-- 2 root hatter 2097720 Nov 19 2018 /usr/bin/perl5.26.1*
However, execution is only granted to the root account and the hatter user.
Now that I have compromised the hatter account, I can leverage the perl binary for privilege escalation.
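
From the defender's side, the same getcap output can be audited automatically. The following is an added example, not part of the original write-up: it parses getcap output (the sample is the output shown above) and flags high-risk capabilities, rating them critical when the binary is a script interpreter. The HIGH_RISK set and the interpreter name list are assumptions made for this example.

```python
import os
import re

# Capabilities that let a process change identity or bypass file permission
# checks. This set is an assumption chosen for the example, not a complete list.
HIGH_RISK = {"cap_setuid", "cap_setgid", "cap_dac_override",
             "cap_dac_read_search", "cap_sys_admin", "cap_sys_ptrace"}

# Script interpreters can run arbitrary code, so a high-risk capability on
# one of them is available to every user allowed to execute it.
INTERPRETER = re.compile(r"^(perl|python|ruby|php|node|lua)[\d.]*$")

# One capability clause: comma-separated names, an operator, then flags.
CLAUSE = re.compile(r"^([a-z0-9_,]+)[+=]([eip]+)$")

# The getcap output shown on this page, reused as sample input.
SAMPLE = """\
/usr/bin/perl5.26.1 = cap_setuid+ep
/usr/bin/mtr-packet = cap_net_raw+ep
/usr/bin/perl = cap_setuid+ep
"""

def parse_getcap(text):
    """Yield (path, capability, flags); accepts 'path = cap+ep' and 'path cap=ep'."""
    for line in filter(None, map(str.strip, text.splitlines())):
        if " = " in line:
            path, clauses = line.split(" = ", 1)      # older libcap layout
        else:
            path, _, clauses = line.rpartition(" ")   # newer libcap layout
        for clause in clauses.split():
            m = CLAUSE.match(clause)
            if m:
                for cap in m.group(1).split(","):
                    yield path, cap, m.group(2)

def audit(text):
    """Return sorted (severity, path, capability) findings."""
    findings = []
    for path, cap, flags in parse_getcap(text):
        # Only capabilities in the file's permitted set can be used at exec.
        if cap in HIGH_RISK and "p" in flags:
            interp = INTERPRETER.match(os.path.basename(path))
            findings.append(("critical" if interp else "review", path, cap))
    return sorted(findings)

if __name__ == "__main__":
    for severity, path, cap in audit(SAMPLE):
        print(f"{severity:8} {path} {cap}")
```

For a binary that does not need the flagged capability, `setcap -r <path>` removes it.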