What is Privilege Escalation
For those who are not very familiar with privilege escalation, it is the act of exploiting a vulnerability or bug where the attacker takes advantage of a design or configuration flaw in either the operating system or a software application. The purpose of privilege escalation is to gain administrator access to the server or application.
As a result, the attacker compromises the application or system by gaining unauthorized access to it. In this post, we will focus only on Linux and Windows privilege escalation, even though mobile platforms have their own escalation paths as well.
Windows Privilege Escalation
When we talk about Windows privilege escalation, most people think about how to get a PowerShell session on the system or application. That is not entirely wrong, but the main objective is to gain administrator control over the system and application.
Tools used for Windows Privilege Escalation
There are a lot of tools that can be used for this activity, but I will focus on a few tools that I'm familiar with. The tools for Windows privilege escalation are:
- Metasploit can exploit the target so that the attacker gains access to the Windows operating system easily, using an exploit module such as exploit/windows/local/ikeext_service.
- Invoke-ServiceAbuse is a script that abuses the configuration rights the current user holds over a service, so that the attacker can execute a custom command, such as adding a local administrator. An example invocation would be something like Invoke-ServiceAbuse -Name VulnSSH (PowerSploit GitHub).
- WinPEAS is a script that automatically enumerates privilege-related settings and misconfigurations across the Windows operating system. Those curious about what WinPEAS checks can look here for further details (WinPEAS).
- Hot Potato is an interesting way of escalating privileges on the Windows operating system; the attack was developed by Stephen Breen. It is a combination of three attacks: NBNS spoofing, a fake WPAD proxy server, and HTTP -> SMB NTLM relay. (Hot Potato GitHub)
Linux Privilege Escalation
There are a lot of tools and vulnerabilities that can be used for this activity, but I will focus on a few exploits that I'm familiar with. The tools or vulnerabilities that work for Linux privilege escalation are:
- Dirty COW is a vulnerability that was discovered by Phil Oester while examining a compromised system. A CVE was released around October 2016, identified as CVE-2016-5195. An attacker uses this vulnerability to exploit a race condition.
- LinEnum is an automated tool that enumerates for the pentester or attacker the privilege escalation opportunities that can be used during the attack. (LinEnum)
- LinPEAS is a script that automatically enumerates privilege-related settings and misconfigurations across the Linux operating system.
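As an added example (not code from the original post, nor from LinEnum or LinPEAS), the read-only POSIX shell audit below performs a few of the checks that those enumeration scripts run, so a defender can see what such a tool is looking for on a host: setuid binaries, world-writable files, and writable directories on PATH. The function names, the root directory argument and the PATH string passed in are assumptions made for this example; it needs only sh and find.

```shell
#!/bin/sh
# Added example: a minimal, read-only audit of the kinds of
# misconfiguration that enumeration scripts such as LinEnum and
# LinPEAS report. Not part of the original post or of either tool.
# Assumptions: POSIX sh, find(1) with -perm and -xdev, and read access
# to the tree passed as $1. The root is a parameter so the audit can be
# pointed at a test tree as well as at "/".

# Regular files with the setuid bit set under $1. Root-owned ones are
# the interesting cases: any flaw in them runs with root privileges.
find_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null
}

# Regular files under $1 that anyone can write. A writable script or
# config file consumed by a privileged process is a classic route up.
find_world_writable() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null
}

# Directories in the colon-separated PATH string $1 that the current
# user can write to; a planted binary there can shadow a real one for
# any privileged process that inherits the same PATH.
writable_path_dirs() {
    old_ifs=$IFS
    IFS=:
    for d in $1; do
        [ -n "$d" ] && [ -d "$d" ] && [ -w "$d" ] && printf '%s\n' "$d"
    done
    IFS=$old_ifs
    return 0
}

# One-line count of findings under $1, handy for triage across hosts.
audit_summary() {
    printf 'setuid=%s world_writable=%s\n' \
        "$(find_setuid "$1" | wc -l | tr -d ' ')" \
        "$(find_world_writable "$1" | wc -l | tr -d ' ')"
}

# Full report when invoked with a root directory, e.g.: sh audit.sh /
# The kernel release is printed so it can be compared with the
# distribution's advisory for CVE-2016-5195 (Dirty COW).
if [ $# -gt 0 ]; then
    echo "## setuid files under $1";          find_setuid "$1"
    echo "## world-writable files under $1";  find_world_writable "$1"
    echo "## writable PATH directories";      writable_path_dirs "$PATH"
    echo "## kernel release: $(uname -r)"
    audit_summary "$1"
fi
```

Run it as an unprivileged user first: the list of writable PATH directories and world-writable files is exactly what that user could abuse, which is the view an attacker with a low-privilege shell would have. The setuid list should be compared against the package manager's expected set; anything unexpected there deserves a closer look.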