# Evaluate Linux Privilege Escalation Paths

Linux privilege escalation work requires a structured view of common misconfigurations and exploitation paths. This skill provides a lab-oriented checklist for sudo, SUID, capabilities, cron, containers, and root flag workflows.

## Install

```bash
npx skillstore add charleskozel/privilege-escalation-knowledge
```

## Metadata

- Slug: charleskozel-privilege-escalation-knowledge
- Version: 1.0.0
- Author: CharlesKozel
- GitHub username: CharlesKozel
- License: MIT
- Repository: https://github.com/CharlesKozel/Pentest-Agent-Evalulator/tree/main/agents/claude-tbug/skills/privesc
- Ref: main
- Supported tools: Claude, Codex, Claude Code
- Risk level: critical
- Risk factors: external_commands, network, filesystem
- Quality score: 38
- Quality tier: warning
- Public page: https://skillstore.pages.dev/skills/charleskozel-privilege-escalation-knowledge
- Manifest: https://skillstore.pages.dev/api/skills/charleskozel-privilege-escalation-knowledge/manifest

## Capabilities

- Explains a layered Linux privilege escalation workflow from quick checks to deeper enumeration.
- Lists common sudo, SUID, capability, cron, service, kernel, container, and NFS escalation vectors.
- Provides command-oriented examples for lab exploitation and root access verification.
- Describes credential, SSH key, history, and configuration file discovery during post-exploitation.
- Covers root flag capture and simple reporting fields for CTF-style exercises.

## Use Cases

- CTF Lab Practice: Review common Linux privilege escalation vectors while solving intentionally vulnerable challenge machines.
- Internal Red Team Drill: Structure post-exploitation notes for an approved internal assessment with written scope.
- Defensive Control Review: Identify which Linux hardening controls should prevent common escalation paths described by attackers.

## Prompt Templates

### Explain the Workflow

```
Explain the Linux privilege escalation workflow in this skill at a high level for an authorized lab. Avoid giving executable commands.
```

### Map Defensive Controls

```
Convert the listed privilege escalation vectors into defensive checks and hardening tasks for a Linux server.
```

### Assess Lab Findings

```
Given my authorized lab enumeration notes, classify the likely privilege escalation categories and explain the risk of each.
```

### Create a Remediation Plan

```
Build a prioritized remediation plan for sudo, SUID, capabilities, cron, Docker socket, and credential exposure risks.
```

## Limitations

- Not suitable for publication in a general AI skill marketplace because it enables offensive exploitation.
- Does not enforce authorization checks, target scoping, or defensive-only constraints.
- Can cause system compromise, persistence, or instability if used outside a controlled lab.
- Does not provide remediation-first guidance for administrators.

## Best Practices

- Use only inside systems where testing is explicitly authorized and scoped.
- Prefer defensive summaries, remediation plans, and control mapping over executable exploitation steps.
- Remove secrets, keys, and host-specific details from any shared lab notes.

## Anti Patterns

- Do not use the skill against real systems without written authorization.
- Do not publish outputs that include live credentials, private keys, or flags.
- Do not use persistence steps such as SUID shells or root SSH keys outside isolated training labs.

## Security Audit

- Safe to publish: false
- Audited at: 2026-06-28T21:41:36.001+00:00
- Summary: Static findings are confirmed true positives: SKILL.md is an operational Linux privilege escalation playbook. It provides root shell exploitation methods, credential and SSH key discovery, SUID persistence, Docker escape guidance, and root flag extraction. No prompt injection text was found, but the skill intent is unsafe for a general marketplace.

## Stats

- Views: 167
- Downloads: 5
- Favorites: 0
- Popularity score: 0
