
System Hacking - Privilege Escalation


    When you gain access to an account, there is still more to accomplish: privilege escalation. In practice, the account you compromise may be a low-privileged and less-defended one. If this is the case, you must perform privilege escalation before you move on in the process. The goal should be to gain the highest level of privilege to give you unrestricted access to all resources on the target host.
    It is easy for an attacker to find information about accounts that are included with the operating system, so you should take care to ensure that such accounts are secured properly, even if they will never be used.

    There are two defined types of privilege escalation, each of which approaches the problem of obtaining greater privileges from a different angle.

    Horizontal Privilege Escalation
    An attacker attempts to take over the rights and privileges of another user who has the same privileges as the current user. This occurs when a normal user accesses functions or content reserved for another normal user.

    Vertical Privilege Escalation
    The attacker gains access to an account and then tries to elevate the privileges of that account. It is also possible to carry out a vertical escalation by compromising an account and, from there, gaining access to a higher-privileged account. This occurs when a lower-privilege user or application accesses functions or content reserved for higher-privileged users or applications.

    One way of escalating privileges is to identify an account that has the desired access and then attempt to change the password of that user. Several tools allow you to do this by booting into a live Linux distribution and using them while the SAM database and the SYSTEM file are not locked by the Windows operating system. The downside of this technique is that physical access to the workstation or server is needed. Of course, this is just one way of accomplishing this task, but this is the part of the process where no solutions are handed to you and you have to be creative.
    Certified Security Geek
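
The two categories defined in the post correspond to two separate authorization checks that a defender can enforce and log: a rank check (vertical) and an ownership check (horizontal). The sketch below is an added example, not part of the original post; the role names, their ranking, the `AccessEvent` fields and the sample events are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed role ranking for this example; a higher number means more privilege.
ROLE_RANK = {"guest": 0, "user": 1, "service": 1, "admin": 2}

@dataclass(frozen=True)
class AccessEvent:
    actor: str          # account making the request
    actor_role: str     # role the actor actually holds
    owner: str          # account owning the content ("" for a shared function)
    required_role: str  # role the function or content is reserved for

def classify(ev: AccessEvent) -> str:
    """Label one access attempt as 'ok', 'horizontal' or 'vertical'."""
    actor_rank = ROLE_RANK.get(ev.actor_role, 0)  # unknown role: least privilege
    # Unknown requirement: fail closed by demanding the highest rank.
    needed_rank = ROLE_RANK.get(ev.required_role, max(ROLE_RANK.values()))
    if actor_rank < needed_rank:
        return "vertical"    # reserved for higher-privileged users or applications
    if ev.owner and ev.owner != ev.actor and actor_rank == needed_rank:
        return "horizontal"  # same privilege level, another user's content
    return "ok"

def review(events):
    """Return (violations, counts): the denied attempts and a tally per label."""
    labelled = [(ev, classify(ev)) for ev in events]
    violations = [(ev.actor, label) for ev, label in labelled if label != "ok"]
    return violations, Counter(label for _, label in labelled)

# Constructed sample events (not taken from any real system).
SAMPLE_EVENTS = [
    AccessEvent("alice", "user", "alice", "user"),        # own content
    AccessEvent("alice", "user", "bob", "user"),          # peer's content
    AccessEvent("alice", "user", "", "admin"),            # admin-only function
    AccessEvent("backup-svc", "service", "", "admin"),    # application reaching up
    AccessEvent("ops-admin", "admin", "bob", "user"),     # legitimately higher rank
    AccessEvent("mallory", "contractor", "", "user"),     # role not in the ranking
]

if __name__ == "__main__":
    violations, counts = review(SAMPLE_EVENTS)
    for actor, label in violations:
        print(f"DENY {actor}: {label} privilege escalation attempt")
    print(dict(counts))
```

Logging the label alongside each denial lets the two cases be alerted on separately, since a missing ownership check and a missing role check are different defects to fix.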