creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 13:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/performing-privilege-escalation-on-linux/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

1.8 KiB
Raw Blame History

API Reference — Performing Privilege Escalation on Linux

Libraries Used

  • subprocess: Execute system enumeration commands (sudo, find, getcap, crontab)
  • os: Check file writability with os.access()
  • pathlib: File system navigation
  • re: Pattern matching for cron script paths

CLI Interface

python agent.py sysinfo
python agent.py sudo
python agent.py suid
python agent.py writable
python agent.py cron
python agent.py caps
python agent.py full

Core Functions

enumerate_system_info() — Kernel, user, architecture info

check_sudo_permissions() — Sudo privilege analysis

Checks sudo -l output against 30+ GTFOBins-exploitable binaries. Detects NOPASSWD entries and full sudo access.

find_suid_binaries() — SUID/SGID binary enumeration

Identifies binaries with SUID bit set. Cross-references GTFOBins database.

check_writable_files() — Sensitive writable file detection

Checks: /etc/passwd, /etc/shadow, /etc/sudoers, /etc/crontab, /root, cron dirs.

check_cron_jobs() — Cron job privilege escalation vectors

Identifies writable scripts called from cron jobs (CRITICAL finding).

check_capabilities() — Linux capability enumeration

Flags: cap_setuid, cap_setgid, cap_sys_admin, cap_dac_override, cap_net_raw.

full_enumeration() — Combined analysis

GTFOBins SUID Exploitable Binaries (subset)

vim, find, bash, python, perl, nmap, env, tar, docker, strace, gdb, pkexec

Dangerous Sudo Patterns

Pattern Severity Vector
(ALL) NOPASSWD: /usr/bin/vim CRITICAL Shell escape
(ALL : ALL) ALL CRITICAL Full root access
NOPASSWD: /usr/bin/find CRITICAL -exec escalation

Dependencies

No external packages — Python standard library only. System: find, getcap, sudo, crontab

Reference in New Issue View Git Blame Copy Permalink