Linux Privilege Escalation

Linux Privilege Escalation

In this series, I will discuss with you my experience and learning from Pentesters Academy – Linux Privilege Escalation Boot camp.

In this, you will not only learn concepts theoretically but also all the practical approaches of exploitation. I have published a separate article discussing the labs from Attack Defence labs. The content includes knowledge of both Jeswin Mathai (Instructor) and my own research on the same concepts

Prerequisite Knowledge

  • Basics of Linux Operating System
    • File system
    • Commands and Utilities like cd, ls
  • Basics of Networking from Penstesting point of view
    • Network Interfaces
    • Packets / Sniffing
    • Protocols like HTTP, TCP, UDP
  • Working with tools like Nmap, burpsuite, hydra, curl and etc
  • Novice knowledge of c, python and Perl


  • Paid account of the pentester academy
  • A modern browser (Chrome is recommended)


  1. Understanding Linux File Permissions
  2. [LABS] Exploiting File Permissions Misconfigurations
  3. Demystifying SUID and SGID bits
  4. [LABS] Exploiting SUID Binaries to Get Root User Shell
  5. Understanding sudo in Linux
  6. [LABS] Exploiting Sudo Misconfigurations
  7. [LABS] Exploiting the Cron Jobs Misconfigurations – Part 1
  8. [LABS] Exploiting the Cron Jobs Misconfigurations – Part 2
  9. Understanding Concept of Shared Libraries
  10. [LABS] Exploiting Shared Library Misconfigurations
  11. [LABS] Getting the ROOT user from Web-based Applications
  12. [LABS] Exploiting Known Vulnerabilities in Third-Party Apps Running on Linux
  13. Breaking out of Restricted Shell Environment
  14. Breaking out of CHROOT Jailed Shell Environment
  15. Understanding Linux Capabilities
  16. [LABS] Exploiting Linux Capabilities – Part 1
  17. [LABS] Exploiting Linux Capabilities – Part 2
  18. [LABS] Exploiting Linux Capabilities – Part 3
  19. [LABS] Exploiting Linux Capabilities – Part 4
  20. [LABS] Exploiting Linux Capabilities – Part 5
  21. [LABS] Exploiting Linux Capabilities – Part 6
  22. Understanding Container Architecture
  23. [LABS] Container Breakout – Part 1
  24. [LABS] Container Breakout – Part 2
  25. [LABS] Attacking Docker Hosts – Part 1
  26. [LABS] Attacking Docker Hosts – Part 2
  27. [BONUS] Linux Privileges Escalation CTF Writeup