Book Image

Privilege Escalation Techniques

By : Alexis Ahmed

5 (2)

Book Image

Privilege Escalation Techniques

5 (2)

By: Alexis Ahmed

Overview of this book

Privilege Escalation Techniques is a detailed guide to privilege escalation techniques and tools for both Windows and Linux systems. This is a one-of-a-kind resource that will deepen your understanding of both platforms and provide detailed, easy-to-follow instructions for your first foray into privilege escalation. The book uses virtual environments that you can download to test and run tools and techniques. After a refresher on gaining access and surveying systems, each chapter will feature an exploitation challenge in the form of pre-built virtual machines (VMs). As you progress, you will learn how to enumerate and exploit a target Linux or Windows system. You’ll then get a demonstration on how you can escalate your privileges to the highest level. By the end of this book, you will have gained all the knowledge and skills you need to be able to perform local kernel exploits, escalate privileges through vulnerabilities in services, maintain persistence, and enumerate information from the target such as passwords and password hashes.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Share Your Thoughts

Section 1: Gaining Access and Local Enumeration

Section 1: Gaining Access and Local Enumeration

Free Chapter

Chapter 1: Introduction to Privilege Escalation

Chapter 1: Introduction to Privilege Escalation

What is privilege escalation?

How permissions and privileges are assigned

Understanding the differences between privilege escalation on Windows and Linux

Exploring the types of privilege escalation attack

Chapter 2: Setting Up Our Lab

Chapter 2: Setting Up Our Lab

Technical requirements

Designing our lab

Building our lab

Setting up Kali Linux

Chapter 3: Gaining Access (Exploitation)

Chapter 3: Gaining Access (Exploitation)

Technical requirements

Setting up Metasploit

Information gathering and footprinting

Chapter 4: Performing Local Enumeration

Chapter 4: Performing Local Enumeration

Technical requirements

Understanding the enumeration process

Windows enumeration

Linux enumeration

Section 2: Windows Privilege Escalation

Section 2: Windows Privilege Escalation

Chapter 5: Windows Kernel Exploits

Chapter 5: Windows Kernel Exploits

Technical requirements

Understanding kernel exploits

Kernel exploitation with Metasploit

Manual kernel exploitation

Chapter 6: Impersonation Attacks

Chapter 6: Impersonation Attacks

Technical requirements

Understanding Windows access tokens

Enumerating privileges

Token impersonation attacks

Escalating privileges via a Potato attack

Chapter 7: Windows Password Mining

Chapter 7: Windows Password Mining

Technical requirements

What is password mining?

Searching for passwords in files

Searching for passwords in Windows configuration files

Searching for application passwords

Dumping Windows hashes

Cracking Windows hashes

Chapter 8: Exploiting Services

Chapter 8: Exploiting Services

Technical requirements

Exploiting services and misconfigurations

Exploiting unquoted service paths

Exploiting secondary logon

Exploiting weak service permissions

Chapter 9: Privilege Escalation through the Windows Registry

Chapter 9: Privilege Escalation through the Windows Registry

Technical requirements

Understanding the Windows Registry

Exploiting Autorun programs

Exploiting the Always Install Elevated feature

Exploiting weak registry permissions

Section 3: Linux Privilege Escalation

Section 3: Linux Privilege Escalation

Chapter 10: Linux Kernel Exploits

Chapter 10: Linux Kernel Exploits

Technical requirements

Understanding the Linux kernel

Kernel exploitation with Metasploit

Manual kernel exploitation

Chapter 11: Linux Password Mining

Chapter 11: Linux Password Mining

Technical requirements

What is password mining?

Extracting passwords from memory

Searching for passwords in configuration files

Searching for passwords in history files

Chapter 12: Scheduled Tasks

Chapter 12: Scheduled Tasks

Technical requirements

Introduction to cron jobs

Escalation via cron paths

Escalation via cron wildcards

Escalation via cron file overwrites

Chapter 13: Exploiting SUID Binaries

Chapter 13: Exploiting SUID Binaries

Technical requirements

Introduction to filesystem permissions on Linux

Searching for SUID binaries

Escalation via shared object injection

Other Books You May Enjoy

Other Books You May Enjoy

Packt is searching for authors like you

Share Your Thoughts

Customer Reviews

5 (2)

5 star

100%

4 star

0

3 star

0

2 star

0

1 star

0

What is privilege escalation?

Privilege escalation is the process of exploiting vulnerabilities or misconfigurations in systems to elevate privileges from one user to another, typically to a user with administrative or root access on a system. Successful privilege escalation allows attackers to increase their control over a system or group of systems that belong to a domain, giving them the ability to make administrative changes, exfiltrate data, modify or damage the operating system, and maintain access through persistence, such as registry edits or cron jobs.

From a penetration tester's perspective, privilege escalation is the next logical step after the successful exploitation of a system and is typically performed by bypassing or exploiting authentication and authorization systems, whose purpose is to segregate user accounts based on their permissions and role.

A typical approach would be to use an initial access or foothold on a system to gain access to resources and functionality that is beyond what the current user account permissions offer. This process is commonly referred to as getting root privileges on a system.

Before we can get started with the various privilege escalation techniques, we need to understand how user accounts and permissions are implemented in modern operating systems.