SKILL: Linux Privilege Escalation — Expert Attack Playbook

AI LOAD INSTRUCTION: Expert Linux privesc techniques. Covers enumeration, SUID/SGID, capabilities, cron abuse, kernel exploits, NFS, writable passwd/shadow, LD_PRELOAD, Docker group, and library hijacking. Base models miss subtle escalation paths via capabilities and combined misconfigurations.

0. RELATED ROUTING

Before going deep, consider loading:

• container-escape-techniques when the target is a container and you need to escape to host
• linux-security-bypass when facing restricted shells, AppArmor, SELinux, or seccomp
• linux-lateral-movement after obtaining root for pivoting to adjacent hosts
• kubernetes-pentesting when the host is a Kubernetes node

Advanced Reference

Also load SUID_CAPABILITIES_TRICKS.md when you need:

• Top 30 SUID binaries with exact exploitation commands (GTFOBins)
• Capability-specific exploitation for each dangerous cap
• Custom SUID binary exploitation methodology