One‑Stop Linux Privilege Escalation Toolkit Covering 24 Vulnerabilities Across 7 Architectures

lpe-toolkit is a multi‑architecture Linux privilege‑escalation toolkit that bundles 24 exploits across seven CPU architectures, automatically detects kernel versions to filter patched bugs, offers pre‑compiled binaries for amd64, multiple execution modes, and practical use cases for red‑team testing, incident response, and security research.

Black & White Path
Black & White Path
Black & White Path
One‑Stop Linux Privilege Escalation Toolkit Covering 24 Vulnerabilities Across 7 Architectures

Tool Overview

lpe-toolkit (Linux Privilege Escalation Toolkit) is a multi‑architecture Linux privilege‑escalation utility maintained by security researcher portbuster1337. It bundles 24 pre‑packaged exploits (including CVEs and near‑0‑day bugs) and supports seven CPU architectures: amd64, arm64, 386, mips, mipsle, mips64, mips64le. The tool automatically reads the target kernel version and skips exploits that are already patched.

Supported Vulnerabilities

Copy Fail (CVE‑2026‑31431) – AF_ALG + splice page‑cache write

Dirty Pipe (CVE‑2022‑0847) – /etc/passwd page‑cache overwrite

PwnKit (CVE‑2021‑4034) – pkexec environment escape

Docker Socket – writable /var/run/docker.sock configuration error

GTFOBins – more than 80 password‑less sudo techniques

Core Feature Analysis

Automatic kernel version detection and exploit filtering

On launch the tool reads the target kernel version and automatically excludes exploits that are fixed in that version, reducing noisy alerts and avoiding unnecessary instability.

Pre‑compiled binaries for amd64

All amd64 exploits are embedded as pre‑compiled C binaries within the Go program, allowing immediate execution on systems without a development toolchain. For other architectures the exploit source is compiled at runtime using the target’s gcc.

Multiple execution modes

Dry‑run mode : lists applicable exploits without executing them. ./lpe-toolkit --dry-run Silent mode : runs silently and prints only the final result. ./lpe-toolkit -q -c "whoami" Command execution : runs a specified command after gaining root. ./lpe-toolkit -c "id" Skip specific exploits : omits known‑patched vulnerabilities.

./lpe-toolkit --skip "dirtypipe,pwnkit"

Typical Use Cases

Penetration testing / authorized red‑team engagements

After obtaining a low‑privilege shell, a single invocation attempts all applicable escalation paths; the GTFOBins module covers over 80 sudo misconfigurations.

Incident response and host investigation

In a breach scenario, the --dry-run mode enumerates possible escalation routes on a compromised host, helping analysts infer the attacker’s technique.

Security research and vulnerability learning

The source is organized with each exploit in its own C file, providing a practical learning resource for techniques such as page‑cache overwrite, namespace escape, and D‑Bus races.

2026 New Vulnerabilities Added

CVE‑2026‑41651 (Pack2TheRoot): PackageKit D‑Bus race that writes a setuid‑root bash.

CVE‑2026‑46333 (pidfd race): Escalation via ssh‑keysign/shadow file‑descriptor theft.

CVE‑2026‑46331 (PEdit COW): tc‑pedit page‑cache overwrite of the su binary (kernel 5.18 – 7.1‑rc6).

CVE‑2026‑43503 (DirtyClone): ESP‑in‑UDP TEE contaminates /etc/passwd (kernel 7.1‑rc1 – rc4).

CVE‑2026‑46242 (Bad Epoll): epoll close‑vs‑close race leading to a use‑after‑free.

Usage Precautions

Use only in authorized security‑testing, penetration‑testing contracts, or incident‑response engagements.

Some exploits may trigger host‑based IDS/EDR alerts; exercise caution in production environments.

Run --dry-run first to verify applicable exploits before performing actual escalation.

Several new CVEs are version‑specific; the tool performs version checks automatically.

Project Repository

https://github.com/portbuster1337/lpe-toolkit

lpe-toolkit overview
lpe-toolkit overview
Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

LinuxCVEprivilege escalationpenetration testingmulti-architecturesecurity researchlpe-toolkit
Black & White Path
Written by

Black & White Path

We are the beacon of the cyber world, a stepping stone on the road to security.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.