post-exploit-linux
Audited by Socket on Apr 22, 2026
5 alerts found:
Security / Malware (x4)
This skill is highly consistent with its stated purpose, but that purpose itself is to give AI agents full Linux post-exploitation, privilege-escalation, credential-collection, forensic-evasion and lateral-movement preparation capabilities. There are no obvious signs of it being disguised as a harmless tool, so it looks more like a high-risk offensive skill than a covert malicious implant; for security classification, however, it should be judged high-risk, since it can be used directly for unauthorized intrusion and credential theft, and overall it should be marked SUSPICIOUS/HIGH RISK rather than BENIGN.
This module is explicitly designed to enable real-world Linux post-exploitation privilege escalation. It embeds exact payload strings for obtaining root shells via sudo/GTFOBins-style abuse, escalations via `find -exec`, and container-to-host breakout using docker group privileges (including host root mounting). Even without executing code itself, the embedded actionable exploit guidance makes the artifact highly malicious and unsafe to use in any production or automated context.
This fragment is a highly suspicious credential-harvesting script/guide. It enumerates and directly reads numerous sensitive secret sources (web app config files, shell history, SSH keys, database credentials, environment variables and command-line args from /proc, Docker/Git credentials, cron secrets, and potentially /etc/shadow) and outputs them to stdout. This aligns closely with malicious credential theft behavior rather than legitimate diagnostics. No obfuscation is present, but the intent and target set indicate strong maliciousness.
The provided fragment is an offensive privilege-escalation and credential-compromise runbook. It directs discovery of exploitable conditions, then performs or enables privileged modifications (authorized_keys, /etc/passwd, SUID payload placement, systemd/dynamic loader changes), executes downloaded/compiled exploit code, and extracts/uses highly sensitive secrets (/etc/shadow, /proc secrets, history). If included in any dependency package, installer, or CI/build step, it would be an extremely high supply-chain risk artifact with direct paths to root compromise.
This fragment is an explicitly malicious, weaponizable local privilege escalation playbook for obtaining root on Linux (sudo/SUID/capabilities/cron), including persistence and credential-file modification primitives. If included in a software dependency or distributed alongside a package, it significantly increases compromise capability and should be treated as high-risk material. No direct evidence of covert behavior beyond the instructional content is present in this excerpt.