Linux Privilege Escalation
Build reflexes for the most common ways to go from a shell to root on Linux. Each technique is its own repeatable drill on a real, throwaway box.
Most real-world Linux compromises don't end at a low-privilege shell — they end at root, reached through a small misconfiguration: a permissive sudo rule, a SUID binary that shouldn't be one, a writable cron PATH, an over-broad file capability. Spotting which one applies, fast, is the skill that separates a stalled engagement from a finished one.
Each PwnKata drill isolates a single privilege-escalation primitive on its own disposable box. Solve it and the next rep reshapes the flaw — a different binary, a different path, a different account — so you practice recognising the pattern instead of replaying one walkthrough. Every variant is proven solvable before it ships.
File Capability Privilege Escalation
Linux file capabilities can grant one binary more power than intended. Drill finding and abusing that mistake.
Difficulty: easy
sudo -l Privilege Escalation
A misconfigured sudo rule is one of the most common real-world Linux privesc paths. Drill it until `sudo -l` is the first thing your fingers type.
Difficulty: easy
SUID Binary Privilege Escalation
A stray SUID bit on the wrong binary is an instant root. Drill enumerating and abusing SUID binaries until it's automatic.
Difficulty: easy
Cron PATH Hijack
When a root scheduled task trusts PATH, the writable directory before system paths becomes the attack surface.
Difficulty: medium
Writable /etc/passwd
A writable account database is root if you preserve the format and authenticate correctly.
Difficulty: medium
Linux Exposed Local Secrets
Linux Exposed Local Secrets distilled into repeatable single-technique reps on isolated targets.
Difficulty: easy
Password Cracking Fundamentals
Password Cracking Fundamentals distilled into repeatable single-technique reps on isolated targets.
Difficulty: medium
Linux Privileged Group Abuse
Linux Privileged Group Abuse distilled into repeatable single-technique reps on isolated targets.
Difficulty: medium
Linux Wildcard Injection
Linux Wildcard Injection distilled into repeatable single-technique reps on isolated targets.
Difficulty: medium
Linux Library and Module Hijack
Linux Library and Module Hijack distilled into repeatable single-technique reps on isolated targets.
Difficulty: medium
Linux Local Service Component Hijack
Linux Local Service Component Hijack distilled into repeatable single-technique reps on isolated targets.
Difficulty: medium
Linux Restricted Shell Escape
Linux Restricted Shell Escape distilled into repeatable single-technique reps on isolated targets.
Difficulty: medium
Start drilling Linux privilege escalation
Free to start — live isolated targets, a fresh variant every rep.