WHAT IS PRIVILEGE ESCALATION?
Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an OS or application to gain a higher level of access to resources that are normally protected from an application or user. This can lead to unauthorized actions.
OBJECTIVE
In this blog, we will discuss in detail which security issues could lead to a successful privilege escalation attack on any Linux-based system.
Linux Permission Model
Linux has inherited from UNIX the concept of ownership and permissions of files. File permissions are used to protect systems against malicious tampering.
1. In the above two screenshots, we can see that the file ‘p.txt’ is readable and writable only by its owner, ‘root’.
2. We can see the permission denied error when I tried to read the file as the user “sawan”.
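The owner/group/other decision behind that permission denied error, as an added example that is not from the original post. can_read and report are hypothetical helper names, the mode string is the one `ls -l` prints, and the account names in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): decide read access the way the
# owner/group/other model does, from the mode string that `ls -l` prints.

# can_read MODE OWNER GROUP USER "USER_GROUPS"  -> exit 0 if USER may read.
# Hypothetical helper; ACLs, capabilities and LSM policy are not modelled.
can_read() {
    mode=$1 owner=$2 group=$3 user=$4 user_groups=$5
    # uid 0 (assumed here to be named root) is exempt from these read checks
    if [ "$user" = "root" ]; then return 0; fi
    if [ "$user" = "$owner" ]; then
        pos=2        # owner class: only the owner bits are consulted
    else
        pos=8        # "other" class unless a group matches
        for g in $user_groups; do
            if [ "$g" = "$group" ]; then pos=5; fi   # group class
        done
    fi
    [ "$(printf '%s' "$mode" | cut -c"$pos")" = "r" ]
}

# report PATH USER: apply can_read to a real file and a real account.
report() {
    path=$1 who=$2
    set -- $(ls -ld "$path")     # $1=mode $3=owner $4=group
    if can_read "$1" "$3" "$4" "$who" "$(id -Gn "$who")"; then
        echo "$path: $who can read ($1 $3:$4)"
    else
        echo "$path: $who is denied ($1 $3:$4)"
    fi
}

# Constructed demo: a mode-600 file like the post's p.txt, owned by the
# account running this script.
demo=$(mktemp)
chmod 600 "$demo"
report "$demo" "$(id -un)"
rm -f "$demo"
```

A case worth trying by hand is can_read "----r--r--" sawan staff sawan "sawan staff": it is denied, because the owner class is selected first and its bits alone decide, even though group and other would allow the read.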
Security professionals usually perform privilege escalation either to read/write a sensitive file or to insert a permanent backdoor.
“Privilege Escalations are POST EXPLOITS”
TECHNIQUES USED FOR PRIVILEGE ESCALATION
· KERNEL EXPLOITS
· EXPLOITING SERVICES WHICH ARE RUNNING AS ROOT
· EXPLOITING SUID EXECUTABLES
· EXPLOITING SUDO RIGHTS/USER
· EXPLOITING BADLY CONFIGURED CRON JOBS
· EXPLOITING USERS WITH ‘.’ IN THEIR PATH
In this blog, we are only going to cover kernel exploits. The other techniques will be covered in my upcoming blogs.
KERNEL EXPLOITS
Assumption: We have a shell on the remote system but we don’t have ‘root’ privileges.
Let’s go get ‘root’ access on the system.
Exploiting a vulnerable machine using DIRTYCOW
STEPS:
· whoami (shows the current user)
· uname -a (shows the kernel version)
· Compile and execute the exploit
· #ROOT PERMISSION GRANTED
Countermeasures
· The kernel should be patched and updated.
Sawan Bhan