privilege-escalation-knowledgelisted

Comprehensive knowledge about Linux privilege escalation. Provides methodologies for enumerating and exploiting privesc vectors including SUID binaries, sudo permissions, capabilities, kernel exploits, cron jobs, and common misconfigurations. Includes systematic approach to capturing root flags.
aiskillstore/marketplace · ★ 329 · AI & Automation · score 79

Install: claude install-skill aiskillstore/marketplace

# Privilege Escalation Knowledge Base ## Purpose This knowledge base provides comprehensive privilege escalation methodologies for Linux systems. It covers escalating from low-privilege users (www-data, user) to root, then capturing the root flag. ## Layered Privilege Escalation Strategy **Core Principle:** Escalate systematically through 3 layers - from quick wins to exhaustive enumeration. ### Layer Framework: ``` Layer 1 (Quick Wins - Manual): - Check most common vectors immediately - Goal: Find easy privesc within 2-3 minutes - Focus: sudo -l, SUID, obvious misconfigurations - Time: 2-5 minutes Layer 2 (Deep Enumeration - Automated): - Run comprehensive enumeration tools - Goal: Find all possible privesc vectors - Focus: linpeas, linenum, pspy - Time: 5-15 minutes Layer 3 (Alternative Methods): - Try less common vectors or kernel exploits - Goal: Find overlooked or complex privesc paths - Focus: Kernel exploits, container escape, NFS, etc. - Time: Variable ``` **Escalation Triggers:** - Layer 1 finds nothing obvious → Run Layer 2 enumeration - Layer 2 finds vectors but exploitation fails → Try Layer 3 alternatives - Layer 3 fails → Re-examine reconnaissance, may have missed service/config ## Core Strategy Systematic execution: 1. **Quick Wins** (Layer 1): Check easy vectors first (sudo, SUID, capabilities) 2. **Deep Enumeration** (Layer 2): Use automated tools to find all vectors 3. **Alternative Vectors** (Layer 3): Kernel exploits, cont