linux-privilege-escalation
Fail
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches the LinPEAS enumeration script from GitHub and executes it directly via shell piping (`curl -L ... | sh`).
- [COMMAND_EXECUTION]: Executes high-risk privilege escalation techniques including sudo command injection (e.g., `sudo vim -c ':!/bin/bash'`), SUID binary exploitation (e.g., using `base64` to read restricted files), and Linux kernel exploit execution.
- [DATA_EXFILTRATION]: Facilitates remote access and potential data transfer through the use of reverse shell one-liners in Bash, Python, Netcat, and Perl targeting external IP addresses.
- [COMMAND_EXECUTION]: Performs PATH hijacking by modifying the `PATH` environment variable and creating malicious binaries in writable directories to gain elevated privileges.
- [COMMAND_EXECUTION]: Implements persistence and privilege escalation through cron job script hijacking and NFS `no_root_squash` exploitation.
- [REMOTE_CODE_EXECUTION]: Includes instructions for compiling and executing arbitrary C code (e.g., `gcc exploit.c -o exploit`) to facilitate kernel-level exploitation.
Recommendations
- HIGH: Downloads and executes remote code from https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh. DO NOT USE without thorough review.
Audit Metadata