Linux Privilege Escalation: Automation

Several tools can help you save time during the enumeration process. These tools should only be used to save time, knowing they may miss some privilege escalation vectors. Below is a list of popular Linux enumeration tools with links to their respective GitHub repositories.

The target system's environment will influence the tool you will be able to use. For example, you will not be able to run a tool written in Python if it is not installed on the target system. This is why it would be better to be familiar with a few rather than having a single go-to tool.

LinPeas: Automated script that highlights privilege escalation paths across the system — misconfigs, weak permissions, credentials, and more
LinEnum: Scripted local enumeration tool that dumps system info, users, crons, and SUID binaries in a readable report
LES (Linux Exploit Suggester): Matches the kernel version against known CVEs and suggests applicable local privilege escalation exploits
Linux Smart Enumeration: Enumeration script with adjustable verbosity levels — starts quiet and reveals more detail as the level increases
Linux Priv Checker: Enumerates system info and automatically checks for common privilege escalation opportunities, flagging issues inline

Answer the questions below

Run Linux Exploit Suggester to enumerate the target host. What CVE is listed as the first Possible Exploit the target is vulnerable to?

CVE-2025–32463

Exploit the previously identified vulnerability. What is the content of /root/flag.txt?

THM{splo1ts-r-public}

What is the full path of the script vulnerable to privilege escalation?

/var/local/syslog-backup.sh

What is the flag in /root/flag.txt?

THM{getting-root-with-pspy}

What are the contents of /home/frank/flag.txt?

THM{Frank_Pwned_Privesc}

What are the contents of /root/flag.txt?

THM{Priv_Ch@l_D0ne}