Fähigkeiten linux-privilege-escalation
🔐

linux-privilege-escalation

Kritisch ⚡ Enthält Skripte⚙️ Externe Befehle🌐 Netzwerkzugriff📁 Dateisystemzugriff

Execute Linux Privilege Escalation Assessments

Security professionals need systematic methods to identify privilege escalation vectors on Linux systems during authorized penetration tests. This skill provides comprehensive enumeration and exploitation workflows covering kernel vulnerabilities, sudo misconfigurations, SUID binaries, and cron job weaknesses.

UnterstĂźtzt: Claude Codex Code(CC)
⚠️ 55 Schlecht
1

Die Skill-ZIP herunterladen

2

In Claude hochladen

Gehe zu Einstellungen → Fähigkeiten → Skills → Skill hochladen

3

Einschalten und loslegen

Teste es

Verwendung von "linux-privilege-escalation". User runs sudo -l and finds they can execute /usr/bin/find as root

Erwartetes Ergebnis:

GTFOBins exploitation: Run 'sudo find . -exec /bin/bash \; -quit' to spawn a root shell. The find command's -exec flag allows arbitrary command execution with root privileges.

Verwendung von "linux-privilege-escalation". SUID base64 binary discovered at /usr/bin/base64

Erwartetes Ergebnis:

Exploit: Use 'base64 /etc/shadow | base64 -d > shadow.txt' to extract password hashes. Transfer shadow.txt to attacker machine and crack with 'john --wordlist=rockyou.txt shadow.txt' to recover plaintext passwords.

Verwendung von "linux-privilege-escalation". Root cron job executes writable script at /opt/scripts/backup.sh

Erwartetes Ergebnis:

Hijack: Append 'cp /bin/bash /tmp/bash; chmod +s /tmp/bash' to the script. After cron executes, run '/tmp/bash -p' for persistent root access via SUID backdoor.

Sicherheitsaudit

Kritisch
v1 • 2/25/2026

This skill contains complete weaponized exploitation workflows for Linux privilege escalation. While framed as educational content for penetration testing, it provides ready-to-use commands for gaining unauthorized root access, credential theft via /etc/shadow access, SUID backdoor creation, kernel exploitation, and persistent reverse shell payloads. The static scanner correctly identified 44 high-risk patterns including sudo exploitation, SUID manipulation, and shadow file access. False positives include Ruby backtick detection (actually bash commands in markdown). This content should only be distributed in controlled professional security contexts with explicit authorization requirements.

1
Gescannte Dateien
510
Analysierte Zeilen
20
befunde
1
Gesamtzahl Audits

Kritische Probleme (4)

SKILL.md:85-88SKILL.md:278-279SKILL.md:294-295SKILL.md:473
Credential File Access for Password Theft
Direct access to /etc/shadow and /etc/passwd files for credential harvesting. The skill teaches reading shadow hashes and cracking them with John the Ripper, enabling unauthorized password recovery for any system user.
SKILL.md:282-284SKILL.md:388-389SKILL.md:491
SUID Backdoor Creation
Instructions for creating persistent SUID root shells that provide permanent backdoor access. The skill teaches copying /bin/bash and setting the SUID bit, allowing any user to gain root access indefinitely.
SKILL.md:193-208SKILL.md:432-433
Kernel Exploitation with Crash Risk
Complete kernel exploit workflow including Dirty COW and Dirty Pipe exploitation. The skill acknowledges failed exploits may crash the system (line 433), indicating dangerous unstable code execution.
SKILL.md:410-422SKILL.md:146
Reverse Shell Payload Library
Multiple ready-to-use reverse shell payloads for bash, Python, Netcat, and Perl. These one-liners enable covert remote access and are commonly used in real attacks for persistent unauthorized access.

Probleme mit hohem Risiko (6)

SKILL.md:215-237SKILL.md:455-463
Sudo Misconfiguration Exploitation
Comprehensive guide to exploiting sudo permissions via GTFOBins techniques. Teaches escaping to root shell through common binaries like vim, find, awk, and python when available via sudo.
SKILL.md:239-262
LD_PRELOAD Shared Library Injection
Instructions for creating malicious shared libraries to hijack sudo execution. The provided C code sets uid/gid to 0 and spawns a root shell when loaded via LD_PRELOAD.
SKILL.md:322-331
UID/GID Manipulation for Root Access
Direct manipulation of process credentials using cap_setuid capability. Python, vim, and perl commands shown that set uid(0) to gain root privileges without password.
SKILL.md:351-361SKILL.md:484-497
Cron Job Hijacking
Techniques for modifying writable cron scripts to execute attacker commands as root. Includes adding reverse shell payloads to backup scripts that run with root privileges.
SKILL.md:363-375
PATH Hijacking Attack
Instructions for exploiting SUID binaries that call external commands by placing malicious executables in writable PATH directories. Creates fake 'service' command to spawn root shell.
SKILL.md:377-393
NFS no_root_squash Exploitation
Exploits NFS shares configured with no_root_squash to create SUID binaries on mounted shares. When executed on target, the binary runs as root providing unauthorized access.
Probleme mit mittlerem Risiko (3)
SKILL.md:146
Automated Reconnaissance Script Execution
Pipes curl directly to shell for LinPEAS execution. While common in penetration testing, this pattern downloads and executes unverified code which could be intercepted or modified.
SKILL.md:100-114
Network Service Enumeration
Extensive network reconnaissance commands including netstat, ss, and ip route enumeration. These could be used to map internal network topology for lateral movement.
SKILL.md:77-96
User Enumeration via passwd File
Commands to enumerate users with login shells and home directories. While /etc/passwd is world-readable, this information facilitates targeted attacks.
Probleme mit niedrigem Risiko (3)
SKILL.md:59-75
System Information Gathering
Basic enumeration commands for kernel version, hostname, and architecture. Standard reconnaissance that is necessary for vulnerability matching but low risk in isolation.
SKILL.md:116-128
Process and Service Enumeration
Commands to list running processes and identify services running as root. Useful for identifying exploitation targets but benign administrative commands.
SKILL.md:314-318
Capability Enumeration
Uses getcap to enumerate Linux capabilities on binaries. Standard security auditing command that identifies potential escalation vectors.

Risikofaktoren

⚡ Enthält Skripte (1)
SKILL.md:421
⚙️ Externe Befehle (7)
SKILL.md:232 SKILL.md:324 SKILL.md:252 SKILL.md:229 SKILL.md:388 SKILL.md:415 SKILL.md:421
🌐 Netzwerkzugriff (4)
SKILL.md:146 SKILL.md:165 SKILL.md:201 SKILL.md:412-418
📁 Dateisystemzugriff (8)
SKILL.md:85-88 SKILL.md:278-279 SKILL.md:294-295 SKILL.md:308-309 SKILL.md:473 SKILL.md:283-284 SKILL.md:389 SKILL.md:491

Erkannte Muster

Dynamic Code Execution via os.systemShell Command Execution via awkNetwork Callback via /dev/tcpSUID Permission Modification
Auditiert von: claude

Qualitätsbewertung

38
Architektur
100
Wartbarkeit
87
Inhalt
50
Community
0
Sicherheit
87
Spezifikationskonformität

Was du bauen kannst

Authorized Penetration Testing

Security consultants performing internal network assessments use this skill to systematically identify privilege escalation paths and demonstrate business impact of initial access.

Security Audit and Compliance

System administrators audit their own infrastructure to identify and remediate misconfigurations before attackers can exploit them.

Security Training and Education

Security professionals studying for certifications like OSCP, GPEN, or CRT use this skill to understand common Linux privilege escalation techniques in lab environments.

Probiere diese Prompts

Basic System Enumeration 
I have low-privilege shell access to a Linux system. Help me enumerate the system to identify potential privilege escalation vectors including kernel version, sudo permissions, SUID binaries, and running services.
Sudo Privilege Analysis 
I can run 'sudo -l' and see I have NOPASSWD access to specific binaries. Analyze the output and provide GTFOBins exploitation techniques for each allowed command.
SUID Binary Exploitation 
Find all SUID binaries on this system and identify which ones can be exploited for privilege escalation. Provide specific exploitation commands for each vulnerable binary.
Kernel Exploit Selection 
The kernel version is [VERSION]. Search for known exploits applicable to this kernel and provide compilation and execution instructions. Include fallback options if the primary exploit fails.

Bewährte Verfahren

  • Always obtain written authorization before testing and verify scope boundaries
  • Test kernel exploits in a lab environment before production use to avoid system crashes
  • Document all changes made during assessment for remediation and cleanup

Vermeiden

  • Running kernel exploits without understanding their mechanism or failure modes
  • Creating persistent backdoors beyond the authorized assessment period
  • Accessing or exfiltrating data beyond what is required to demonstrate privilege escalation

Häufig gestellte Fragen

Is this skill legal to use?
Only use this skill on systems you own or have explicit written authorization to test. Unauthorized privilege escalation is illegal in most jurisdictions. Always operate within defined scope boundaries.
Will kernel exploits work on all Linux systems?
No. Modern kernels include mitigations like ASLR, SMEP, and SMAP that block many exploits. Container environments also limit kernel-level attacks. Always verify kernel version and test exploits first.
What should I do if an exploit crashes the system?
This is why testing in lab environments is critical. If a crash occurs during authorized testing, document the incident, restore from backup if needed, and report it to the system owner immediately.
How do I know if a SUID binary is exploitable?
Check GTFOBins (gtfobins.github.io) for the specific binary. Many common binaries like find, vim, python, and base64 have known exploitation techniques when running with SUID.
Can this skill be used in cloud environments like AWS or Azure?
Cloud instances have additional restrictions. Kernel exploits typically fail in containers. Focus on misconfigurations like sudo permissions, capabilities, and IAM role abuse instead.
What is the difference between this skill and tools like LinPEAS?
LinPEAS automates enumeration but does not provide exploitation guidance. This skill covers both enumeration AND provides specific exploitation commands for identified vulnerabilities.

Entwicklerdetails

Autor

zebbern

Lizenz

MIT

Repository

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/linux-privilege-escalation

Ref

main

Dateistruktur

📄 SKILL.md