Performing Privilege Escalation Assessment

When to Use

• After gaining initial low-privilege access during a penetration test to demonstrate full system compromise
• Assessing the security hardening of Linux and Windows servers against local privilege escalation attacks
• Evaluating whether endpoint detection and response (EDR) tools detect common privilege escalation techniques
• Testing the effectiveness of least-privilege policies and application whitelisting on endpoints
• Validating that container breakout and VM escape controls are properly configured

Do not use without written authorization, against production systems where exploitation could cause downtime, or for deploying kernel exploits on systems without prior approval and rollback capability.

Prerequisites

• Low-privilege shell access (reverse shell, SSH, RDP) to the target system obtained through authorized means
• Privilege escalation enumeration scripts: linPEAS (Linux), winPEAS (Windows), Linux Smart Enumeration (LSE)
• Compiled kernel exploits for common CVEs or access to compilation tools on the target
• GTFOBins reference for Linux SUID/sudo binary abuse and LOLBAS reference for Windows living-off-the-land binaries
• Precompiled post-exploitation binaries for the target architecture if compilation is not available on the target