Privilege Escalation on Linux
Techniques for elevating from low-privilege user to root on Linux through misconfigurations and software vulnerabilities.
Linux privilege escalation encompasses the systematic techniques adversaries use to elevate from a low-privilege user account to root access on a compromised system. These techniques target misconfigurations, vulnerable software, and design weaknesses in Linux systems.
Attackers enumerate the target system for escalation vectors using automated tools like LinPEAS and manual techniques. Common vectors include misconfigured SUID/SGID binaries that run with elevated privileges, writable cron jobs running as root, exploitable sudo misconfigurations allowing specific commands without passwords, kernel vulnerabilities enabling direct privilege escalation, writable PATH directories allowing binary hijacking, and exposed credentials in configuration files or history files. Attackers also target NFS shares with no_root_squash, Docker socket access granting container escape to host root, and capabilities assigned to binaries that enable privilege bypass.
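The following POSIX shell script is an added example and is not part of the CDA article or its missions. It turns the vectors listed above into a hardening audit: each function checks one misconfiguration (sudo rules with NOPASSWD, NFS exports with no_root_squash, world-writable cron entries, setuid/setgid files, world-writable PATH directories, shell history files other users can read, the Docker socket's ownership, and file capabilities) and prints the offending entry so an administrator can correct it. The fixture tree it builds, including the sudoers and exports lines, file names and permissions, is constructed sample data, and the function names are my own.

```shell
#!/bin/sh
# Added audit helpers (not from the CDA article). Each check takes the file or
# directory to inspect as an argument, so the same functions run against a live
# host (/etc/sudoers, /etc/exports, /etc/cron.d, /usr/bin, ...) or against the
# constructed fixture tree built by make_fixtures below.

# sudo rules that grant commands without a password (comment lines skipped)
audit_sudo_nopasswd() {
    grep -hE '^[^#]*NOPASSWD' "$@" 2>/dev/null || true
}

# NFS exports that do not map a remote root user to an unprivileged account
audit_nfs_no_root_squash() {
    grep -hE '^[^#]*no_root_squash' "$@" 2>/dev/null || true
}

# cron job files (or cron directories) that any user can modify
audit_writable_cron() {
    find "$@" -maxdepth 1 -perm -0002 2>/dev/null || true
}

# regular files carrying the setuid or setgid bit under the given tree
audit_suid_binaries() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null || true
}

# directories on a PATH-style list that are world-writable (binary hijacking)
audit_writable_path() {
    printf '%s\n' "$1" | tr ':' '\n' | while read -r d; do
        if [ -d "$d" ]; then find "$d" -maxdepth 0 -perm -0002 2>/dev/null; fi
    done
    return 0
}

# shell history files readable by other users (a common place for exposed credentials)
audit_readable_history() {
    find "$1" -maxdepth 2 -name '.*history' -perm -0004 2>/dev/null || true
}

# Docker socket: membership in its owning group is root-equivalent on the host,
# so report owner, group and mode for review
audit_docker_socket() {
    if [ -S "$1" ]; then ls -ld "$1"; fi
    return 0
}

# file capabilities (needs libcap's getcap); cap_setuid, cap_dac_override or
# cap_sys_admin on a binary deserve the same scrutiny as a setuid bit
audit_file_capabilities() {
    if command -v getcap >/dev/null 2>&1; then getcap -r "$1" 2>/dev/null; fi
    return 0
}

# Run every check. $1 is a path prefix ("" for the live host), $2 the PATH list.
audit_host() {
    p=$1
    echo "== sudo rules without a password";   audit_sudo_nopasswd "$p/etc/sudoers" "$p"/etc/sudoers.d/*
    echo "== NFS exports with no_root_squash"; audit_nfs_no_root_squash "$p/etc/exports"
    echo "== world-writable cron entries";     audit_writable_cron "$p/etc/crontab" "$p/etc/cron.d" "$p"/etc/cron.*ly
    echo "== setuid/setgid files";             audit_suid_binaries "$p/usr/bin"
    echo "== world-writable PATH directories"; audit_writable_path "$2"
    echo "== readable shell histories";        audit_readable_history "$p/home"
    echo "== docker socket";                   audit_docker_socket "$p/var/run/docker.sock"
    echo "== file capabilities";               audit_file_capabilities "$p/usr/bin"
}

# Build a throwaway tree reproducing each misconfiguration (constructed sample
# data, not taken from any real host) and print its path.
make_fixtures() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/cron.d" "$root/usr/bin" "$root/opt/tools" "$root/home/dev"
    printf '%s\n' '# constructed sudoers' 'dev ALL=(ALL) ALL' \
        'ops ALL=(root) NOPASSWD: /usr/bin/vim' > "$root/etc/sudoers"
    printf '%s\n' '/srv/pub 10.0.0.0/24(ro,root_squash)' \
        '/srv/build 10.0.0.0/24(rw,no_root_squash)' > "$root/etc/exports"
    printf '%s\n' '* * * * * root /opt/tools/backup.sh' > "$root/etc/cron.d/backup"
    chmod 666 "$root/etc/cron.d/backup"        # root's job file, editable by anyone
    printf '#!/bin/sh\n' > "$root/usr/bin/helper"; chmod 4755 "$root/usr/bin/helper"  # setuid
    printf '#!/bin/sh\n' > "$root/usr/bin/plain";  chmod 755 "$root/usr/bin/plain"    # control
    chmod 777 "$root/opt/tools"                # world-writable directory placed on PATH
    : > "$root/home/dev/.bash_history"; chmod 644 "$root/home/dev/.bash_history"
    printf '%s\n' "$root"
}

# Demonstration run against the fixture tree; for a real host call
# audit_host "" "$PATH" as root instead.
F=$(make_fixtures)
audit_host "$F" "$F/usr/bin:$F/opt/tools"
rm -rf "$F"
```

On a real system, compare the setuid/setgid list against the distribution's package baseline rather than treating every hit as a finding; the rest of the output (a NOPASSWD rule, a no_root_squash export, a world-writable cron file or PATH directory, a readable history file) is almost always worth remediating. The capabilities check only reports when libcap's getcap is installed.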
Privilege escalation transforms a limited foothold into complete system control. In most attack chains, initial access provides only user-level permissions. Without escalation, attackers cannot access sensitive data, modify system configurations, establish persistent backdoors, or pivot to other systems. Defenders must understand these techniques to harden Linux systems through proper configuration, minimal privilege assignment, and regular auditing.
CDA addresses Linux privilege escalation across the VSD and SPH domains. Theater missions require operators to both exploit and remediate common escalation paths. Our C-HARDEN campaign includes specific missions for Linux hardening that systematically eliminate privilege escalation vectors.
Written by CDA Editorial