Linux Privilege Escalation
The Linux Challenge
Linux privilege escalation presents a different but equally complex challenge compared to Windows. The Linux permission model is simpler, but the variety of distributions, configurations, and administrative practices creates numerous attack vectors. Where Windows escalation works through layers of bureaucracy, Linux privilege escalation usually exploits violations of least privilege and misconfigurations in what should be a clean, hierarchical system.
Why Linux Is Unique
Linux security relies on file permissions, user/group memberships, and kernel-level controls. However, the flexibility that makes Linux powerful also creates opportunities for escalation. System administrators frequently configure SUID binaries, sudo rules, and cron jobs that, when misconfigured, provide direct paths to root access. The abundance of third-party software, custom scripts, and container technologies significantly expands the modern Linux attack surface.
Typical Entry Points
Most Linux privilege escalation scenarios begin with limited access:
A standard user account obtained through SSH, web exploitation, or social engineering
A service account with restricted privileges (www-data, mysql, postgres)
A container context with limited capabilities
An application-specific user with constrained access
From there, the goal is to elevate to root, escape container boundaries, or gain access to sensitive data and systems.
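As an added example, not code from the original page, the following bash script enumerates the three misconfiguration classes named above (SUID binaries, sudo rules and cron jobs) and tests whether the current context is a container. Every check takes its input as a parameter, so the script runs offline against constructed fixtures (the file names, crontab entries, sudo -l text and cgroup lines in make_demo_fixtures are invented for the demo) and can be pointed at a live host by omitting the arguments.

```bash
#!/usr/bin/env bash
# Added example, not code from the original page. Enumerates SUID binaries,
# risky sudo rules and writable cron targets, and detects a container
# context. All inputs are parameters so the checks can run against
# constructed sample files; the fixture contents below are invented.

# SUID binaries: setuid files run with their owner's privileges, so root-owned
# ones that take user-controlled arguments or input are the interesting set.
# $1 = directory to search (default /).
find_suid_binaries() {
    find "${1:-/}" -xdev -type f -perm -4000 2>/dev/null | sort
}

# sudo rules: scan saved `sudo -l` output for entries that need no password
# or grant unrestricted commands. $1 = file holding that output.
find_risky_sudo_rules() {
    grep -E 'NOPASSWD|\(ALL([[:space:]]*:[[:space:]]*ALL)?\)[[:space:]]+ALL' "$1" || true
}

# cron jobs: pull every absolute path out of the command field of a
# system-crontab-format file and print those the current user can modify.
# A writable target lets the user plant code that a root cron job executes.
# $1 = crontab file. Run as the foothold user; as root everything is writable.
find_writable_cron_scripts() {
    grep -vE '^[[:space:]]*(#|$)' "$1" \
      | grep -oE '(^|[[:space:]])/[^[:space:];|&>]+' \
      | tr -d ' \t' \
      | sort -u \
      | while IFS= read -r path; do
            if [ -e "$path" ] && [ -w "$path" ]; then echo "$path"; fi
        done
    return 0
}

# Container context: /.dockerenv present, or a cgroup path naming a container
# runtime. On cgroup v2 hosts /proc/1/cgroup is often just "0::/", so a miss
# here does not prove a bare host. $1 = cgroup file, $2 = dockerenv path.
in_container() {
    [ -f "${2:-/.dockerenv}" ] && return 0
    grep -qE 'docker|lxc|kubepods|containerd' "${1:-/proc/1/cgroup}" 2>/dev/null
}

# Constructed fixtures so the checks can be exercised offline. Prints the
# directory they live in; the caller removes it.
make_demo_fixtures() {
    local d
    d="$(mktemp -d)"
    mkdir -p "$d/bin" "$d/opt"
    # One setuid file and one ordinary executable.
    printf '#!/bin/sh\n' > "$d/bin/suid_helper"; chmod 4755 "$d/bin/suid_helper"
    printf '#!/bin/sh\n' > "$d/bin/normal";      chmod 0755 "$d/bin/normal"
    # Cron targets: one world-writable, one read-only, one that does not exist.
    printf '#!/bin/sh\n' > "$d/opt/backup.sh";   chmod 0777 "$d/opt/backup.sh"
    printf '#!/bin/sh\n' > "$d/opt/rotate.sh";   chmod 0555 "$d/opt/rotate.sh"
    printf '# m h dom mon dow user command\n*/5 * * * * root %s/opt/backup.sh\n0 2 * * * root %s/opt/rotate.sh >/dev/null 2>&1\n0 3 * * * root /usr/bin/python3 %s/opt/missing.py\n' \
        "$d" "$d" "$d" > "$d/crontab"
    # Saved `sudo -l` output: one restricted entry and two risky ones.
    printf 'User alice may run the following commands on host:\n    (root) /usr/bin/systemctl restart nginx\n    (root) NOPASSWD: /usr/bin/vim\n    (ALL : ALL) ALL\n' > "$d/sudo.txt"
    # Invented /proc/1/cgroup lines as seen from inside a Docker container.
    printf '12:pids:/docker/3f1c9b2a\n11:memory:/docker/3f1c9b2a\n' > "$d/cgroup"
    echo "$d"
}

# Stand-alone run against the fixtures: ./enum.sh --demo
if [ "${1:-}" = "--demo" ]; then
    fx="$(make_demo_fixtures)"
    echo "[suid]"; find_suid_binaries "$fx"
    echo "[sudo]"; find_risky_sudo_rules "$fx/sudo.txt"
    echo "[cron]"; find_writable_cron_scripts "$fx/crontab"
    if in_container "$fx/cgroup" "$fx/nonexistent"; then echo "[container] fixture cgroup looks like Docker"; fi
    rm -rf "$fx"
fi
```

On a real foothold, call find_suid_binaries and in_container with no arguments, save `sudo -l` to a file for find_risky_sudo_rules, and point find_writable_cron_scripts at /etc/crontab and the files under /etc/cron.d. Two caveats: the cron check reports what the invoking user can write, so run it as the low-privileged account rather than root, and the cgroup test misses containers on cgroup v2 hosts, so confirm with other indicators before assuming a bare host.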
What This Section Covers
This guide explores the most effective privilege escalation techniques used in real-world Linux environments. Each topic includes practical enumeration steps, exploitation techniques and tool usage, the indicators to look for during enumeration, and detection or mitigation notes where applicable.