linux
ethical-hacking
suid
privilege-escalation
lateral-movement
sudo
Getting in is not enough. You have to rise. You have to take control.
Accessing a system doesn't mean you've won. You're inside, yes, but chained. The real game begins when you need more. More permissions. More control. More power.
That's what privilege escalation is. And this lesson is a map to find the cracks in a structure built by hands that make mistakes.
Privilege escalation happens when a user with limited access manages to perform actions reserved for higher-authority accounts, like `root`.
`root`).
Because systems are configured by humans.
And humans make mistakes.
Common mistakes that allow escalation:
`sudo` access.
The SUID (Set User ID) bit, when set on an executable file, allows any user to run the file with the owner's permissions.
For example:
```
ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 54256 Jan 1 00:00 /usr/bin/passwd
```
That `s` instead of `x` means it has SUID.
The `passwd` binary needs to modify `/etc/shadow`, but normal users don't have that permission. SUID allows this action in a controlled way.
But when custom or insecure binaries have this bit... unexpected paths open up.
```
find / -perm -4000 -type f 2>/dev/null
```
If you find a binary owned by `root`, with SUID, and you can execute it… you know what to do.
`sudo`?
`sudo` allows users to run commands with elevated privileges, usually as `root`. Depending on the configuration in `/etc/sudoers`, there may be escalation opportunities.
Example of a bad configuration:
```
carla ALL=(ALL) NOPASSWD: /usr/bin/less
```
This allows the user `carla` to run `less` as `root`, without authentication. And from there, you can launch an interactive shell:
```
sudo less /etc/shadow
!bash
```
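Seen from the defender's side, a rule like the one above can be caught by auditing `/etc/sudoers`. The following is an added example, not code from the original lesson: a simplified parser (no aliases, includes or line continuations) that flags root rules for shell-capable programs that lack the sudoers `NOEXEC` tag. `SHELL_CAPABLE`, `audit_sudoers` and the sample users other than `carla` are assumptions made for the illustration.

```python
import re

# Assumption: programs that can start a shell from inside. Seeded only with
# the pager from the rule above; extend it to match local policy.
SHELL_CAPABLE = {"/usr/bin/less"}
# Simplified user spec: who hosts=(runas) [TAG:]cmd, cmd
SPEC = re.compile(r"^(\S+)\s+([^=\s]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAG = re.compile(r"([A-Z_]+):\s*")
SKIP = re.compile(r"#|Defaults|\w+_Alias\b|@include")

SAMPLE = """\
# constructed sample, not a real host's sudoers
Defaults env_reset
carla ALL=(ALL) NOPASSWD: /usr/bin/less
dana ALL=(root) NOEXEC: /usr/bin/less /var/log/syslog
erin ALL=(ALL) NOPASSWD: ALL
frank ALL=(www-data) NOPASSWD: /usr/bin/less
"""

def audit_sudoers(text):
    """Return (line_no, user, command, reason) for risky root rules."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = None if SKIP.match(line) else SPEC.match(line)
        if not m:
            continue
        who, _hosts, runas, cmds = m.groups()
        users = (runas or "root").split(":")[0]  # sudo runs as root by default
        if not {"ALL", "root"} & {u.strip() for u in users.split(",")}:
            continue
        tags = set()  # a tag stays in force for later commands in the list
        for cmd in cmds.split(","):
            cmd = cmd.strip()
            while (t := TAG.match(cmd)):
                tag, cmd = t.group(1), cmd[t.end():]
                # PASSWD and EXEC cancel an earlier NOPASSWD / NOEXEC
                tags = tags - {"NO" + tag} if tag in ("PASSWD", "EXEC") else tags | {tag}
            path = cmd.split()[0] if cmd else ""
            nopw = "NOPASSWD" in tags
            if path == "ALL" and nopw:
                findings.append((no, who, path, "passwordless root for any command"))
            elif path in SHELL_CAPABLE and "NOEXEC" not in tags:
                why = "shell-capable program without NOEXEC"
                findings.append((no, who, path, why + (", no password" if nopw else "")))
    return findings

if __name__ == "__main__":
    print(*audit_sudoers(SAMPLE), sep="\n")
```

`NOEXEC` only stops the program from executing other commands; a rule with no file argument still lets the user read any file as root, so the `dana` line also pins the path.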
If you can't go up, move sideways.
With access to multiple users, you can:
`.bash_history`, `.ssh/`, `Documents/`, `Downloads/`.
A different user may have weaker configurations or access to sensitive tools.
It's common to find folder hierarchies like:
Accounting
Financial
Team
Human Resources
Support
Their purpose may be purely aesthetic or to distract. The goal is to throw you off.
The real information—if it exists—is not there.
Look for files with users, passwords, or strange binaries.
Privilege escalation is one of the most critical phases of ethical hacking. It means taking control, seeing the system as the administrator does, and removing limitations.
The system let you in. Now you show it that was a mistake.