An executable may support one or more function by providing a number of examples for their use, each example may support a number of contexts that determine the ability of that example to work in that particular condition.
| Shell | This executable can spawn an interactive system shell. |
|---|---|
| Command | This executable can run non-interactive system commands. |
| Reverse shell | This executable can send back a reverse system shell to a listening attacker. |
| Bind shell | This executable can bind a system shell to a local port waiting for an attacker to connect. |
| File write | This executable can write data to local files. |
| File read | This executable can read data from local files. |
| Upload | This executable can upload local data. |
| Download | This executable can download remote data. |
| Library load | This executable can load shared libraries that may be used to run arbitrary code in the same execution context. |
| Privilege escalation | This executable provides a mechanism for privilege escalation by indirectly enabling elevated privileges, such as setting the SUID bit or modifying the ownership of another executable. |
| Inherit | This executable can inherit functions from another. |
| Unprivileged | This function can be performed by any unprivileged user. |
|---|---|
| Sudo | This function is performed by the privileged user if executed via |
| SUID | This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped. |
| Capabilities | This function is performed bypassing the usual kernel permission checks if the executable has certain capabilities set. |