📖

Privilege Escalation - Linux

Formula

Group

Pentest

Keywords

Last edited time

Jun 25, 2024 2:16 PM

Slug

Status

In progress

Title

Code inside page

Github

👉 Overview
👀 What ?
🧐 Why ?
⛏️ How ?
⏳ When ?
⚙️ Technical Explanations
🖇️ References

👉 Overview

👀 What ?

Privilege escalation refers to the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. In the context of Linux, privilege escalation often involves obtaining root access.

🧐 Why ?

Understanding privilege escalation is crucial for both system administrators and penetration testers. For system administrators, comprehending how privilege escalation works can help in configuring systems in a way that minimizes the attack surface. For penetration testers, knowledge of privilege escalation techniques can aid in discovering vulnerabilities and validating the robustness of system security.

⛏️ How ?

Privilege escalation can occur in two ways: vertical and horizontal. Vertical privilege escalation, also known as privilege elevation, involves a lower privilege user or application accessing functions or content that requires higher privileges. This can typically be achieved by exploiting system vulnerabilities. Horizontal privilege escalation, on the other hand, occurs when a user gains the privileges of another user. This is commonly seen in instances where the user can log into a system as another user without a password.

⏳ When ?

Privilege escalation attacks have been a common threat to Linux systems for many years. As long as there are users with different privilege levels, the risk of privilege escalation exists. The mitigation of this risk depends on regular system updates and vigilant system monitoring.

⚙️ Technical Explanations

Privilege escalation in Linux systems is a key security concern and commonly occurs due to misconfigurations, the use of insecure or outdated software versions. Here is a more detailed explanation:

Misconfigurations: Incorrect settings or permissions on important system files and services can lead to privilege escalation. For example, files or directories with weak permissions can be modified or accessed by unprivileged users, leading to unauthorized system changes.
Insecure Software: Software with known security vulnerabilities can be exploited to escalate privileges. For example, if an application running as root contains a buffer overflow vulnerability, an attacker might exploit this to gain root access.
Outdated Software Versions: Older versions of software may have unpatched vulnerabilities, making them prime targets for privilege escalation attacks. Regular software updates are crucial for mitigating this risk.

Common techniques used by attackers include:

Exploiting SUID/GUID Files: SUID (Set User ID upon execution) and GUID (Set Group ID upon execution) are special permissions that allow a program to be executed with the privileges of the file owner (or group) instead of the user who launched it. If a file with SUID or GUID permissions is insecure, it can be exploited to gain elevated privileges.
Taking advantage of poorly configured cron jobs: Cron is a time-based job scheduler in Unix-like operating systems. If a cron job is poorly configured (e.g., it executes files writable by non-privileged users), an attacker could manipulate it to execute arbitrary commands with elevated privileges.
Manipulating Services Running as Root: Services running as root (the highest privilege level) are attractive targets for attackers. If these services are insecure, they could be exploited to gain root access.
Exploiting Kernel Vulnerabilities: The kernel, being the core of the operating system, has complete control over everything in the system. Any vulnerability in the kernel can therefore lead to a full compromise of the system.
Insecurely coded applications running with high privileges: Similar to services running as root, applications running with high privileges are attractive targets. If these applications are insecurely coded (e.g., they contain buffer overflow vulnerabilities), they could be exploited to gain elevated privileges.

Understanding these concepts and regularly reviewing system configurations and permissions can greatly enhance the security of a Linux system.

🖇️ References

📖Wildcards Spare tricks 📖SSH Forward Agent exploitation 📖Splunk LPE and Persistence 📖Socket Command Injection 📖SELinux 📖RunC Privilege Escalation 📖Payloads to execute 📖Node inspector/CEF debug abuse 📖NFS no_root_squash/no_all_squash misconfiguration PE 📖Linux Capabilities 📖Linux Active Directory 📖ld.so privesc exploit example 📖Logstash 📖lxd/lxc Group - Privilege escalation 📖Interesting Groups - Linux Privesc 📖euid, ruid, suid 📖Escaping from Jails 📖Weaponizing Distroless 📖Seccomp 📖UTS Namespace 📖User Namespace 📖Time Namespace 📖Network Namespace 📖Mount Namespace 📖PID Namespace 📖IPC Namespace 📖CGroup Namespace 📖Namespaces 📖Sensitive Mounts 📖Docker release_agent cgroups escape 📖release_agent exploit - Relative Paths to PIDs 📖Docker Breakout / Privilege Escalation 📖Docker --privileged 📖CGroups 📖AuthZ& AuthN - Docker Access Authorization Plugin 📖AppArmor 📖Abusing Docker Socket for Privilege Escalation 📖Docker Security 📖D-Bus Enumeration & Command Injection Privilege Escalation 📖Containerd (ctr) Privilege Escalation 📖Cisco - vmanage 📖Arbitrary File Write to Root