What is Privilege Escalation?
No matter how hard security experts try to keep hackers out of protected networks, hackers always find a way in. One of the tactics hackers use to gain unauthorized access to a network is known as privilege escalation. So what is privilege escalation?
Most computer systems are designed to be used with multiple user accounts, each of which has capabilities known as privileges. Common privileges include the ability to view, edit, or modify files.
Privilege escalation is a common way for attackers to gain unauthorized access to systems within security boundaries. The attacker starts by finding weak points or loopholes to gain access to the system.
In many cases the first point of penetration will not provide the attacker with the level of access or data they need. They will then attempt privilege escalation to gain more permissions or gain access to additional, more sensitive systems.
In some cases, attackers trying to escalate privileges find the “doors wide open”: inadequate security controls, or a failure to follow the principle of least privilege, with users having more privileges than they really need. In other cases, attackers exploit software vulnerabilities, or use special techniques to circumvent the operating system's permission mechanisms.
Privilege Escalation Types
Generally, privilege escalation is any activity in which a hacker exploits bugs, takes advantage of configuration and programming errors, or uses any vulnerability in a system or application to gain elevated access to protected resources.
Typically, this occurs when an attacker has conducted reconnaissance and managed to compromise a system by gaining access to a low-level account. In this stage, the attacker wants to have a firm grip on the system and is looking for ways to escalate privileges, either to learn more about the system or to carry out an attack. There are two types of privilege escalation:
Horizontal Privilege Escalation
Horizontal privilege escalation applies to all situations where an attacker acts as a particular user and gains access to resources belonging to other users with the same access level. For example, if an attacker impersonates a user and gains unauthorized access to their bank account, this is an example of horizontal privilege escalation.
Many web vulnerabilities can cause horizontal privilege escalation. For example, a Cross-site Scripting (XSS) attack could allow an attacker to steal a user's session cookies to access their user account. CSRF attacks are also an example of horizontal privilege escalation.
Vertical Privilege Escalation
Vertical Privilege Escalation is often referred to as privilege elevation. This applies to all situations where an attacker gains higher privileges, most often root privileges (administrative privileges).
Here, the malicious user gains access to lower-level accounts and uses them to gain higher-level privileges. For example, a hacker could compromise a user's Internet bank account and then try to gain access to the site's administrative functions.
Vertical privilege escalation requires more sophisticated attack techniques than horizontal privilege escalation, such as hacking tools that help attackers gain higher access to systems and data.
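The difference between the two types, seen from the defender's side, as an added example that is not code from the original article: a server-side check that refuses a request when the caller's role is too low (vertical) or when the target account belongs to someone else (horizontal). The roles, users, account IDs and function names are hypothetical.

```python
# Constructed sample data: the roles, users and account IDs are made up.
ROLE_RANK = {"customer": 1, "admin": 2}
ACCOUNT_OWNER = {"acct-100": "alice", "acct-200": "bob"}


def check_request(user, role, required_role, account_id=None):
    """Classify one request as 'allow', 'deny-vertical' or 'deny-horizontal'."""
    # Vertical check: the caller's role must rank at least as high as the
    # role the endpoint requires. Unknown roles rank 0, so they fail closed.
    if ROLE_RANK.get(role, 0) < ROLE_RANK[required_role]:
        return "deny-vertical"
    # Horizontal check: a sufficient role is not enough. A non-admin may
    # only touch an account they own; an account with no known owner is
    # refused as well.
    if account_id is not None and role != "admin":
        owner = ACCOUNT_OWNER.get(account_id)
        if owner is None or owner != user:
            return "deny-horizontal"
    return "allow"


def review(requests):
    """Return the verdict for each (user, role, required_role, account_id)."""
    return [check_request(*r) for r in requests]


# Constructed requests covering the cases described in the article.
SAMPLE_REQUESTS = [
    ("alice", "customer", "customer", "acct-100"),  # her own account
    ("alice", "customer", "customer", "acct-200"),  # bob's account
    ("alice", "customer", "admin", None),           # administrative function
    ("carol", "admin", "admin", None),              # legitimate administrator
]

if __name__ == "__main__":
    for req, verdict in zip(SAMPLE_REQUESTS, review(SAMPLE_REQUESTS)):
        print(req, "->", verdict)
```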
How Do Privilege Escalation Attacks Happen?
Attackers trying to perform unauthorized actions and gain high-level privileges often use what are called privilege escalation exploits. An exploit is a piece of code designed to deliver a certain payload. The payload targets known weaknesses in the operating system or software components.
Executing a privilege escalation exploit later allows them to steal or damage data, disrupt operations, or establish persistence on the network to carry out further attacks. A privilege escalation attack consists of five steps:
1. Find vulnerabilities
2. Create the associated privilege escalation exploit
3. Use an exploit on the system
4. Check if the system exploit was successful
5. Get additional privileges
Example of Privilege Escalation
The attacker's goal in a privilege escalation attack is to gain high-level privileges (e.g. root privileges) and make their way onto a system. There are several privilege escalation techniques that attackers use to achieve this. Here are three of the most common examples of privilege escalation attacks:
Access Token Manipulation
This technique takes advantage of the way Microsoft Windows manages administrator rights. Typically, Windows uses an access token to determine the owner of a running process. By manipulating the token, the attacker fools the system into believing the running process belongs to a different user than the one that actually started the process. When this occurs, the process retrieves the security context associated with the attacker's access token. This is a form of vertical privilege escalation.
Bypass User Account Control
Windows has a structured mechanism for controlling user rights called User Account Control (UAC) that acts as a barrier between normal users and administrators, limiting standard user permissions until the administrator authorizes privilege elevations.
However, if the UAC protection level on the computer is not properly configured, some Windows programs will be allowed to elevate privileges or execute Component Object Model (COM) objects without first seeking administrator permission. For example, rundll32.exe can load a Dynamic Link Library (DLL) that contains COM objects with elevated privileges, allowing an attacker to bypass UAC and gain access to protected directories.
Using Valid Accounts
Attackers gain unauthorized access to the accounts of administrators or users with elevated privileges and use them to log into sensitive systems or create their own login credentials.
How To Prevent This Attack?
One of the simplest, yet most effective ways to avoid this threat is to change administrative account passwords regularly and enforce strong password policies, for example ensuring that the local administrator account has a complex and unique password across all systems.
It's also important to monitor what's going on in your IT environment to detect techniques like Credential Dumping. Limit system-wide credential overlap to reduce the risk of further unauthorized access if an adversary obtains account credentials, and don't place admin or domain admin accounts in the local administrators group unless strictly controlled. Finally, you need to monitor user behavior and keep an eye on what level of permissions each user has to quickly detect adversary activity.
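One way to check two of the points above, as an added example that is not part of the original article: an audit over an inventory of local Administrators group membership that flags domain admin accounts in that group and accounts that hold local admin rights on more hosts than policy allows. The inventory, host names, account names and threshold are constructed, and how the membership list is collected is left out.

```python
from collections import defaultdict

# Constructed inventory: host -> members of its local Administrators group.
# Host names, account names and the threshold are made up for illustration.
INVENTORY = {
    "WS-001": ["WS-001\\Administrator", "CORP\\helpdesk-adm"],
    "WS-002": ["WS-002\\Administrator", "CORP\\helpdesk-adm", "CORP\\da-jsmith"],
    "SRV-DB1": ["SRV-DB1\\Administrator", "CORP\\Helpdesk-Adm", "CORP\\dba-team"],
}
DOMAIN_ADMINS = {"CORP\\da-jsmith"}  # assumed list of domain admin accounts
MAX_HOSTS_PER_ACCOUNT = 2            # assumed policy threshold


def audit_local_admins(inventory, domain_admins, max_hosts):
    """Return (finding, account, hosts) tuples for the two conditions."""
    privileged = {a.lower() for a in domain_admins}
    hosts_by_account = defaultdict(list)
    findings = []
    for host in sorted(inventory):
        for member in inventory[host]:
            account = member.lower()  # Windows account names are case-insensitive
            scope = account.split("\\", 1)[0]
            # Condition 1: a domain admin sits in a local Administrators group.
            if account in privileged:
                findings.append(("domain-admin-in-local-admins", account, [host]))
            # HOST\name is a machine-local account that exists once per host;
            # only accounts from another scope (the domain) can overlap.
            if scope != host.lower():
                hosts_by_account[account].append(host)
    # Condition 2: one credential opens too many machines.
    for account in sorted(hosts_by_account):
        hosts = hosts_by_account[account]
        if len(hosts) > max_hosts:
            findings.append(("credential-overlap", account, hosts))
    return findings


if __name__ == "__main__":
    for finding in audit_local_admins(INVENTORY, DOMAIN_ADMINS, MAX_HOSTS_PER_ACCOUNT):
        print(finding)
```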
Conclusion
So what is privilege escalation? It is an attack that gains privileges in order to access something that shouldn't be accessible. Attackers use various privilege escalation techniques to access unauthorized resources.
To avoid privilege escalation attacks, you should regularly find and fix your system's security vulnerabilities, strictly manage privileges, and perform security monitoring to keep abreast of what's going on in your network.
Resa Risyan
Just an ordinary person who wants to share a little knowledge, hopefully the knowledge I provide can be useful for all of us. Keep in mind! Useful knowledge is an investment in the afterlife.