Compétences linux-privilege-escalation
🔐

linux-privilege-escalation

Critique ⚡ Contient des scripts⚙ Commandes externes🌐 AccĂšs rĂ©seau📁 AccĂšs au systĂšme de fichiers

Execute Linux Privilege Escalation Assessments

Security professionals need systematic methods to identify privilege escalation vectors on Linux systems during authorized penetration tests. This skill provides comprehensive enumeration and exploitation workflows covering kernel vulnerabilities, sudo misconfigurations, SUID binaries, and cron job weaknesses.

Prend en charge: Claude Codex Code(CC)
⚠ 55 MĂ©diocre
1

Télécharger le ZIP du skill

2

Importer dans Claude

Allez dans ParamĂštres → CapacitĂ©s → Skills → Importer un skill

3

Activez et commencez Ă  utiliser

Tester

Utilisation de "linux-privilege-escalation". User runs sudo -l and finds they can execute /usr/bin/find as root

RĂ©sultat attendu:

GTFOBins exploitation: Run 'sudo find . -exec /bin/bash \; -quit' to spawn a root shell. The find command's -exec flag allows arbitrary command execution with root privileges.

Utilisation de "linux-privilege-escalation". SUID base64 binary discovered at /usr/bin/base64

RĂ©sultat attendu:

Exploit: Use 'base64 /etc/shadow | base64 -d > shadow.txt' to extract password hashes. Transfer shadow.txt to attacker machine and crack with 'john --wordlist=rockyou.txt shadow.txt' to recover plaintext passwords.

Utilisation de "linux-privilege-escalation". Root cron job executes writable script at /opt/scripts/backup.sh

RĂ©sultat attendu:

Hijack: Append 'cp /bin/bash /tmp/bash; chmod +s /tmp/bash' to the script. After cron executes, run '/tmp/bash -p' for persistent root access via SUID backdoor.

Audit de sécurité

Critique
v1 ‱ 2/25/2026

This skill contains complete weaponized exploitation workflows for Linux privilege escalation. While framed as educational content for penetration testing, it provides ready-to-use commands for gaining unauthorized root access, credential theft via /etc/shadow access, SUID backdoor creation, kernel exploitation, and persistent reverse shell payloads. The static scanner correctly identified 44 high-risk patterns including sudo exploitation, SUID manipulation, and shadow file access. False positives include Ruby backtick detection (actually bash commands in markdown). This content should only be distributed in controlled professional security contexts with explicit authorization requirements.

1
Fichiers analysés
510
Lignes analysées
20
résultats
1
Total des audits

ProblĂšmes critiques (4)

SKILL.md:85-88SKILL.md:278-279SKILL.md:294-295SKILL.md:473
Credential File Access for Password Theft
Direct access to /etc/shadow and /etc/passwd files for credential harvesting. The skill teaches reading shadow hashes and cracking them with John the Ripper, enabling unauthorized password recovery for any system user.
SKILL.md:282-284SKILL.md:388-389SKILL.md:491
SUID Backdoor Creation
Instructions for creating persistent SUID root shells that provide permanent backdoor access. The skill teaches copying /bin/bash and setting the SUID bit, allowing any user to gain root access indefinitely.
SKILL.md:193-208SKILL.md:432-433
Kernel Exploitation with Crash Risk
Complete kernel exploit workflow including Dirty COW and Dirty Pipe exploitation. The skill acknowledges failed exploits may crash the system (line 433), indicating dangerous unstable code execution.
SKILL.md:410-422SKILL.md:146
Reverse Shell Payload Library
Multiple ready-to-use reverse shell payloads for bash, Python, Netcat, and Perl. These one-liners enable covert remote access and are commonly used in real attacks for persistent unauthorized access.

ProblÚmes à risque élevé (6)

SKILL.md:215-237SKILL.md:455-463
Sudo Misconfiguration Exploitation
Comprehensive guide to exploiting sudo permissions via GTFOBins techniques. Teaches escaping to root shell through common binaries like vim, find, awk, and python when available via sudo.
SKILL.md:239-262
LD_PRELOAD Shared Library Injection
Instructions for creating malicious shared libraries to hijack sudo execution. The provided C code sets uid/gid to 0 and spawns a root shell when loaded via LD_PRELOAD.
SKILL.md:322-331
UID/GID Manipulation for Root Access
Direct manipulation of process credentials using cap_setuid capability. Python, vim, and perl commands shown that set uid(0) to gain root privileges without password.
SKILL.md:351-361SKILL.md:484-497
Cron Job Hijacking
Techniques for modifying writable cron scripts to execute attacker commands as root. Includes adding reverse shell payloads to backup scripts that run with root privileges.
SKILL.md:363-375
PATH Hijacking Attack
Instructions for exploiting SUID binaries that call external commands by placing malicious executables in writable PATH directories. Creates fake 'service' command to spawn root shell.
SKILL.md:377-393
NFS no_root_squash Exploitation
Exploits NFS shares configured with no_root_squash to create SUID binaries on mounted shares. When executed on target, the binary runs as root providing unauthorized access.
ProblĂšmes Ă  risque moyen (3)
SKILL.md:146
Automated Reconnaissance Script Execution
Pipes curl directly to shell for LinPEAS execution. While common in penetration testing, this pattern downloads and executes unverified code which could be intercepted or modified.
SKILL.md:100-114
Network Service Enumeration
Extensive network reconnaissance commands including netstat, ss, and ip route enumeration. These could be used to map internal network topology for lateral movement.
SKILL.md:77-96
User Enumeration via passwd File
Commands to enumerate users with login shells and home directories. While /etc/passwd is world-readable, this information facilitates targeted attacks.
ProblĂšmes Ă  risque faible (3)
SKILL.md:59-75
System Information Gathering
Basic enumeration commands for kernel version, hostname, and architecture. Standard reconnaissance that is necessary for vulnerability matching but low risk in isolation.
SKILL.md:116-128
Process and Service Enumeration
Commands to list running processes and identify services running as root. Useful for identifying exploitation targets but benign administrative commands.
SKILL.md:314-318
Capability Enumeration
Uses getcap to enumerate Linux capabilities on binaries. Standard security auditing command that identifies potential escalation vectors.

Facteurs de risque

⚡ Contient des scripts (1)
SKILL.md:421
⚙ Commandes externes (7)
SKILL.md:232 SKILL.md:324 SKILL.md:252 SKILL.md:229 SKILL.md:388 SKILL.md:415 SKILL.md:421
🌐 AccĂšs rĂ©seau (4)
SKILL.md:146 SKILL.md:165 SKILL.md:201 SKILL.md:412-418
📁 Accùs au systùme de fichiers (8)
SKILL.md:85-88 SKILL.md:278-279 SKILL.md:294-295 SKILL.md:308-309 SKILL.md:473 SKILL.md:283-284 SKILL.md:389 SKILL.md:491

Motifs détectés

Dynamic Code Execution via os.systemShell Command Execution via awkNetwork Callback via /dev/tcpSUID Permission Modification
Audité par: claude

Score de qualité

38
Architecture
100
Maintenabilité
87
Contenu
50
Communauté
0
Sécurité
87
Conformité aux spécifications

Ce que vous pouvez construire

Authorized Penetration Testing

Security consultants performing internal network assessments use this skill to systematically identify privilege escalation paths and demonstrate business impact of initial access.

Security Audit and Compliance

System administrators audit their own infrastructure to identify and remediate misconfigurations before attackers can exploit them.

Security Training and Education

Security professionals studying for certifications like OSCP, GPEN, or CRT use this skill to understand common Linux privilege escalation techniques in lab environments.

Essayez ces prompts

Basic System Enumeration 
I have low-privilege shell access to a Linux system. Help me enumerate the system to identify potential privilege escalation vectors including kernel version, sudo permissions, SUID binaries, and running services.
Sudo Privilege Analysis 
I can run 'sudo -l' and see I have NOPASSWD access to specific binaries. Analyze the output and provide GTFOBins exploitation techniques for each allowed command.
SUID Binary Exploitation 
Find all SUID binaries on this system and identify which ones can be exploited for privilege escalation. Provide specific exploitation commands for each vulnerable binary.
Kernel Exploit Selection 
The kernel version is [VERSION]. Search for known exploits applicable to this kernel and provide compilation and execution instructions. Include fallback options if the primary exploit fails.

Bonnes pratiques

  • Always obtain written authorization before testing and verify scope boundaries
  • Test kernel exploits in a lab environment before production use to avoid system crashes
  • Document all changes made during assessment for remediation and cleanup

Éviter

  • Running kernel exploits without understanding their mechanism or failure modes
  • Creating persistent backdoors beyond the authorized assessment period
  • Accessing or exfiltrating data beyond what is required to demonstrate privilege escalation

Foire aux questions

Is this skill legal to use?
Only use this skill on systems you own or have explicit written authorization to test. Unauthorized privilege escalation is illegal in most jurisdictions. Always operate within defined scope boundaries.
Will kernel exploits work on all Linux systems?
No. Modern kernels include mitigations like ASLR, SMEP, and SMAP that block many exploits. Container environments also limit kernel-level attacks. Always verify kernel version and test exploits first.
What should I do if an exploit crashes the system?
This is why testing in lab environments is critical. If a crash occurs during authorized testing, document the incident, restore from backup if needed, and report it to the system owner immediately.
How do I know if a SUID binary is exploitable?
Check GTFOBins (gtfobins.github.io) for the specific binary. Many common binaries like find, vim, python, and base64 have known exploitation techniques when running with SUID.
Can this skill be used in cloud environments like AWS or Azure?
Cloud instances have additional restrictions. Kernel exploits typically fail in containers. Focus on misconfigurations like sudo permissions, capabilities, and IAM role abuse instead.
What is the difference between this skill and tools like LinPEAS?
LinPEAS automates enumeration but does not provide exploitation guidance. This skill covers both enumeration AND provides specific exploitation commands for identified vulnerabilities.

Détails du développeur

Auteur

zebbern

Licence

MIT

DĂ©pĂŽt

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/linux-privilege-escalation

RĂ©f

main

Structure de fichiers

📄 SKILL.md