Linux Privilege Escalation

MC-03

From a low-privileged shell to root. SUID, cron, capabilities, sudo misconfigs and kernel exploits.

12 lessons3 modulesIntermediatelinPEAS + GTFOBins

Start Learning ← All Courses

kali@cyby-lab: ~

$ ./linpeas.sh | grep -i "potential vector"

[*] Running LinPEAS...

[!] SUID: /usr/bin/find

[!] Sudo: (ALL) NOPASSWD: /usr/bin/vim

[!] Writable cron: /etc/cron.d/backup

$ █

+120 XP

Why this matters right now

Linux PrivEsc — a key skill for every pentester

95%of CTF challenges include Linux PrivEsc

Root inan average of 4 hours in a real pentest

200+privesc techniques in GTFOBins

DirtyCowpatched, but analogues appear every year

After the course you will be able to

Not abstract knowledge — concrete skills you can demonstrate in an interview

🔍Manual system recon: id, uname, env, find

🤖linPEAS: automated escalation vector discovery

🔑SUID exploitation for root privileges

⚙️Sudo bypass via sudoers misconfigurations

⏰Cron jobs hijacking — scheduler task interception

💥Kernel exploits: DirtyCow, OverlayFS and their analogues

🐋Docker escape techniques from container to host

📚GTFOBins: living off standard system binaries

Real attacks in the course

Every lesson is built on real incidents — not made-up examples

Real case2016

DirtyCow (CVE-2016-5195)

A race condition in the Linux kernel allowed an unprivileged user to gain root. Millions of Android devices and Linux servers were affected.

Module 03 · Kernel exploits

Real case2021

Sudo Baron Samedit (CVE-2021-3156)

A heap-based buffer overflow in sudo allowed gaining root on Ubuntu, Fedora and Debian without knowing the password. The vulnerability existed for 10 years.

Module 01 · Sudo misconfigurations

Success story2024

HTB: typical PrivEsc chain

On real HackTheBox machines the classic chain is: SUID binary → PATH hijacking → sudo -l → root. These are exactly the techniques taught in the course.

Module 02 · Advanced techniques

Course Program

3 modules · 12 lessons · from basic recon to kernel exploits

Where this course leads

MC-03 — an essential skill for three career paths in cybersecurity

$2,000 — $5,500/mo

Pentester

Conduct a full attack cycle: from recon to root on target Linux systems.

linPEASGTFOBinsKali LinuxOSCP prep

Track:FC-02 → MC-03 → MC-05

$3,000 — $7,000/mo

Red Team Operator

Simulate APT group attacks, escalate privileges in corporate Linux infrastructures.

PrivEscPersistenceLateral MovementOPSEC

Track:MC-03 → MC-04 → MC-05

$500 — $10,000/tournament

CTF Player

Solve Linux PrivEsc challenges in CTF competitions and earn prizes and recognition.

CTFHackTheBoxTryHackMePrivEsc chains

Track:FC-02 → MC-03 → CTF

Who this course is for

🐧

Pentesters

Want to close the PrivEsc gap and confidently get root on Linux in real engagements

🔴

Red Teamers

Studying advanced post-exploitation techniques for APT attack simulation

🏆

CTF Players

Want to confidently solve Linux PrivEsc challenges in competitions and CTF platforms

Master Linux PrivEsc
and get root
today

12 lessons, linPEAS, GTFOBins and practice on real CTF machines.

Start Learning ← All Courses

MC-03● Available

Level: intermediate

12 lessons

video + practice

3 modules

by topic

Intermediate

difficulty level

linPEAS + GTFOBins

core tools

SUID, cron and sudo exploitation

Kernel exploits: DirtyCow and analogues

Docker escape techniques

Automation with linPEAS