Book Image

Privilege Escalation Techniques

By : Alexis Ahmed
5 (2)
Book Image

Privilege Escalation Techniques

5 (2)
By: Alexis Ahmed

Overview of this book

Privilege Escalation Techniques is a detailed guide to privilege escalation techniques and tools for both Windows and Linux systems. This is a one-of-a-kind resource that will deepen your understanding of both platforms and provide detailed, easy-to-follow instructions for your first foray into privilege escalation. The book uses virtual environments that you can download to test and run tools and techniques. After a refresher on gaining access and surveying systems, each chapter will feature an exploitation challenge in the form of pre-built virtual machines (VMs). As you progress, you will learn how to enumerate and exploit a target Linux or Windows system. You’ll then get a demonstration on how you can escalate your privileges to the highest level. By the end of this book, you will have gained all the knowledge and skills you need to be able to perform local kernel exploits, escalate privileges through vulnerabilities in services, maintain persistence, and enumerate information from the target such as passwords and password hashes.

Related Content you might be interested in

Current Title:

Small book image
Privilege Escalation Techniques
Alexis Ahmed
Nov, 2021 | 340 pages
Small book image
Metasploit Penetration Testing Cookbook.
Nipun Jaswal | Daniel Teixeira | Monika Agarwal | Abhinav Singh
Feb, 2018 | 426 pages
Small book image
Metasploit Bootcamp
Nipun Jaswal
May, 2017 | 230 pages
Small book image
Metasploit 5.0 for Beginners
Sagar Rahalkar
Apr, 2020 | 246 pages
Table of Contents (18 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Code in Action
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: Gaining Access and Local Enumeration
Section 1: Gaining Access and Local Enumeration
Free Chapter
2
Chapter 1: Introduction to Privilege Escalation
Chapter 1: Introduction to Privilege Escalation
What is privilege escalation?
How permissions and privileges are assigned
Understanding the differences between privilege escalation on Windows and Linux
Exploring the types of privilege escalation attack
Summary
3
Chapter 2: Setting Up Our Lab
Chapter 2: Setting Up Our Lab
Technical requirements
Designing our lab
Building our lab
Setting up Kali Linux
Summary
4
Chapter 3: Gaining Access (Exploitation)
Chapter 3: Gaining Access (Exploitation)
Technical requirements
Setting up Metasploit
Information gathering and footprinting
Gaining access
Summary
5
Chapter 4: Performing Local Enumeration
Chapter 4: Performing Local Enumeration
Technical requirements
Understanding the enumeration process
Windows enumeration
Linux enumeration
Summary
6
Section 2: Windows Privilege Escalation
Section 2: Windows Privilege Escalation
7
Chapter 5: Windows Kernel Exploits
Chapter 5: Windows Kernel Exploits
Technical requirements
Understanding kernel exploits
Kernel exploitation with Metasploit
Manual kernel exploitation
Summary
8
Chapter 6: Impersonation Attacks
Chapter 6: Impersonation Attacks
Technical requirements
Understanding Windows access tokens
Enumerating privileges
Token impersonation attacks
Escalating privileges via a Potato attack
Summary
9
Chapter 7: Windows Password Mining
Chapter 7: Windows Password Mining
Technical requirements
What is password mining?
Searching for passwords in files
Searching for passwords in Windows configuration files
Searching for application passwords
Dumping Windows hashes
Cracking Windows hashes
Summary
10
Chapter 8: Exploiting Services
Chapter 8: Exploiting Services
Technical requirements
Exploiting services and misconfigurations
Exploiting unquoted service paths
Exploiting secondary logon
Exploiting weak service permissions
DLL hijacking
Summary
11
Chapter 9: Privilege Escalation through the Windows Registry
Chapter 9: Privilege Escalation through the Windows Registry
Technical requirements
Understanding the Windows Registry
Exploiting Autorun programs
Exploiting the Always Install Elevated feature
Exploiting weak registry permissions
Summary
12
Section 3: Linux Privilege Escalation
Section 3: Linux Privilege Escalation
13
Chapter 10: Linux Kernel Exploits
Chapter 10: Linux Kernel Exploits
Technical requirements
Understanding the Linux kernel
Kernel exploitation with Metasploit
Manual kernel exploitation
Summary
14
Chapter 11: Linux Password Mining
Chapter 11: Linux Password Mining
Technical requirements
What is password mining?
Extracting passwords from memory
Searching for passwords in configuration files
Searching for passwords in history files
Summary
15
Chapter 12: Scheduled Tasks
Chapter 12: Scheduled Tasks
Technical requirements
Introduction to cron jobs
Escalation via cron paths
Escalation via cron wildcards
Escalation via cron file overwrites
Summary
16
Chapter 13: Exploiting SUID Binaries
Chapter 13: Exploiting SUID Binaries
Technical requirements
Introduction to filesystem permissions on Linux
Searching for SUID binaries
Escalation via shared object injection
Summary
Why subscribe?
17
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Exploiting weak service permissions

This exploit involves leveraging improperly configured service permissions in order to elevate our privileges. The objective of this process is to identify services that run with SYSTEM or administrative privileges and use the improper permission configurations for the service to execute arbitrary commands through the BINARY_PATH_NAME parameter.

We can exploit this vulnerability to add a standard user to the local administrators group and consequently achieve an elevated state on the system.

The exploitation process can be performed by following these steps:

  1. The first step in the process involves identifying services and applications that standard users have access to. This can be facilitated through the use of the accesschk utility that is found in the Sysinternals suite. The accesschk executable can be downloaded from here: https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk.
  2. After downloading the accesschk executable...
Previous Section
End of Section 6
Next Section