Linux Privilege Escalation

Overview

Linux privilege escalation elevates access from a low-privileged user to root. After gaining initial access (web shell, SSH, reverse shell), escalation targets misconfigurations in file permissions, sudo rules, scheduled tasks and services, as well as kernel vulnerabilities. The methodology is systematic: enumerate, identify vectors, exploit, and verify elevated access.

Topics in This Section

General Approach

  1. Run automated enumeration — linpeas.sh to identify all potential vectors at once
  2. Check sudo permissions — sudo -l is the single highest-value command
  3. Check SUID/SGID binaries — find non-standard SUID binaries
  4. Check capabilities — getcap -r / for binaries with elevated capabilities
  5. Check cron jobs — writable scripts, wildcard injection, PATH manipulation
  6. Check writable files — service configs, scripts executed by root, PATH directories
  7. Check kernel version — last resort, kernel exploits can crash the system
  8. Check container context — if in Docker/LXC, look for breakout paths
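The checklist above as a small manual enumeration script, added here as an example (it is not code from the original page and not linpeas). Each check is a POSIX shell function that takes an optional root prefix, so the same functions can be run against the live system (with --live) or against a constructed fixture tree built by make_fixture. The SUID baseline list, the fixture paths and the container heuristics (/.dockerenv, docker/lxc in PID 1's cgroup) are assumptions to tune for the target.

```shell
#!/bin/sh
# Added example: walk the general-approach checklist with plain POSIX shell.
# Functions take a root prefix ("" for the live system, or a fixture dir).

# Assumed baseline of SUID binaries on a stock Debian/Ubuntu-like host; not
# exhaustive. Anything outside this list is worth checking against GTFOBins.
SUID_BASELINE="passwd sudo su mount umount chsh chfn newgrp gpasswd pkexec fusermount3 ssh-keysign"

# Step 2: sudo rules. Without -n, sudo -l may prompt; fail soft instead.
sudo_rules() {
    sudo -n -l 2>/dev/null || echo "sudo -l: needs a password or sudo is absent"
}

# Step 3: SUID/SGID files under $1 whose name is not in the baseline.
suid_binaries() {
    root="${1:-/}"
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        case " $SUID_BASELINE " in
            *" $(basename "$f") "*) ;;      # expected on a stock system, skip
            *) echo "$f" ;;                  # non-standard, investigate
        esac
    done || true
}

# Step 4: file capabilities. getcap (libcap) is optional; report if missing.
capabilities() {
    root="${1:-/}"
    command -v getcap >/dev/null 2>&1 || { echo "getcap not installed"; return 0; }
    getcap -r "$root" 2>/dev/null || true
}

# Step 5: absolute paths named in the system crontab that we can write to.
writable_cron_targets() {
    root="$1"
    crontab="$root/etc/crontab"
    [ -r "$crontab" ] || return 0
    grep -v '^[[:space:]]*#' "$crontab" | tr ' \t' '\n\n' | grep '^/' | sort -u |
    while IFS= read -r p; do
        [ -w "$root$p" ] && echo "$p"
    done || true
}

# Step 6: directories on PATH we can write to (binary planting / PATH hijack).
writable_path_dirs() {
    path="${1:-$PATH}"
    echo "$path" | tr ':' '\n' | while IFS= read -r d; do
        [ -n "$d" ] && [ -w "$d" ] && echo "$d"
    done || true
}

# Step 7: kernel version, to compare against known exploits (last resort).
kernel_version() { uname -r; }

# Step 8: container hints (assumed heuristics): /.dockerenv or a docker/lxc
# entry in PID 1's cgroup file.
container_context() {
    root="$1"
    if [ -f "$root/.dockerenv" ]; then echo "docker"; return 0; fi
    if grep -Eq 'docker|lxc|containerd' "$root/proc/1/cgroup" 2>/dev/null; then
        echo "container-cgroup"; return 0
    fi
    echo "none"
}

# Constructed fixture tree (not a real system) so the checks run offline:
# one expected SUID binary, one suspicious SUID binary, a root cron job that
# runs a world-writable script, and a docker cgroup for PID 1.
make_fixture() {
    root="$(mktemp -d)"
    mkdir -p "$root/usr/bin" "$root/opt" "$root/etc" "$root/tmp" "$root/proc/1"
    : > "$root/usr/bin/passwd";     chmod 4755 "$root/usr/bin/passwd"
    : > "$root/opt/backup-helper";  chmod 4755 "$root/opt/backup-helper"
    : > "$root/tmp/backup.sh";      chmod 777  "$root/tmp/backup.sh"
    cat > "$root/etc/crontab" <<'EOF'
# m h dom mon dow user command
*/5 * * * * root /tmp/backup.sh
0 2 * * * root /usr/bin/apt-get clean
EOF
    echo '0::/docker/abc123' > "$root/proc/1/cgroup"
    echo "$root"
}

if [ "${1:-}" = "--live" ]; then
    sudo_rules; suid_binaries /; capabilities /; writable_cron_targets ""
    writable_path_dirs; kernel_version; container_context ""
else
    FIX="$(make_fixture)"
    echo "suspicious SUID:      $(suid_binaries "$FIX")"
    echo "writable cron target: $(writable_cron_targets "$FIX")"
    echo "container:            $(container_context "$FIX")"
    rm -rf "$FIX"
fi
```

Run with --live on the target to print all eight checks; without arguments it exercises the functions on the fixture. The writable-cron check only reads /etc/crontab, so extend it to /etc/cron.d and per-user crontabs on a real engagement, and treat the SUID baseline as a starting point rather than an allowlist.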