Run wpa_supplicant with Linux capabilities instead of as a privileged process
# libcap-utils supplies the setcap and getcap tools on Alpine.
apk add libcap-utils
# Attach CAP_NET_ADMIN and CAP_NET_RAW to the binary as permitted (p) and
# effective (e) file capabilities, so it no longer has to be started as root.
doas setcap cap_net_admin,cap_net_raw+ep /sbin/wpa_supplicant
## sudo chown wpas wpa_supplicant ##optional
## sudo chmod 0100 wpa_supplicant ##optional
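This combination of setcap, chown, and chmod commands allows the wpas user to execute wpa_supplicant with the additional network admin/raw capabilities. File capabilities belong to the binary, not to a user: without the chown and chmod steps, every local user who can execute /sbin/wpa_supplicant gets them, and it is the 0100 mode (execute for the owner only) that limits this to wpas. Changing a file's owner normally clears its file capabilities, so run chown before setcap, or confirm the result afterwards with getcap.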
cat ./wifi
# -B: run in the background; -Dnl80211: driver backend; -iwlan0: interface;
# -c: configuration file. Started without doas; it relies on the file capabilities set above.
wpa_supplicant -B -Dnl80211 -iwlan0 -c ~/.wpa/config
# Request a DHCP lease on wlan0 and exit once one is obtained (-q).
# Unlike wpa_supplicant, this step is still run through doas.
doas udhcpc -i wlan0 -q
cat ~/.wpa/config
# Directory for the control socket; wpa_cli is pointed at it with -p.
# Whoever can reach the socket can reconfigure the interface, so keep this
# directory accessible to its owner only.
ctrl_interface=/home/kai/.wpa
# Lets configuration changes made at runtime (e.g. through wpa_cli) be written back to this file.
update_config=1
network={
ssid="somessid"
# A quoted psk is the passphrase in plaintext: keep this file readable by its owner only (chmod 600).
psk="strongpassword"
}
wpa_cli -p ~/.wpa
remove capabilities
setcap -r </path/to/bin>
Show the capabilities set on a binary
getcap /sbin/wpa_supplicant
List every binary on the system that has file capabilities set (a quick audit for unexpected grants)
getcap -r /
https://book.hacktricks.xyz/linux-hardening/privilege-escalation/linux-capabilities