What is Privilege Escalation?
What is Privilege Escalation?
What is Privilege Escalation
No matter how rigorously security experts try to keep hackers out of protected networks, they always find a way in. One tactic that hackers use to gain unauthorized access to a network is known as privilege escalation. So what is privilege escalation?
Also read: Cyber Security: Definition, Benefits, and Types
TABLE OF CONTENTS
1. What is Privilege Escalation?
2. Privilege Escalation Type
3. Privilege Escalation Horizontal
4. Vertical Escalation Privilege
5. How Do Privilege Escalation Attacks Happen?
6. Privilege Escalation Example
7. Access Token Manipulation
8. Bypass User Account Control
9. Using a Valid Account
10. How to Prevent This Attack?
11. Conclusion
What is Privilege Escalation?
Most computer systems are designed to be used with multiple user accounts, each of which has capabilities known as privileges. General rights that include the ability to view, edit, or modify files.
Privilege escalation is a common way for attackers to gain unauthorized access to systems within security limits. Attackers start by finding weak points or loopholes to gain access to the system.
In many cases the first point of penetration will not provide attackers with the level of access or data they need. They will then attempt privilege escalation to gain more permissions or gain access to additional, more sensitive systems.
In some cases, attackers attempting to increase privilege find “doors wide open” inadequate security controls, or failure to follow the principle of least privilege, with users having more privileges than they actually need. In other cases, attackers exploit software vulnerabilities, or use special techniques to bypass operating system permission mechanisms.
Also Read: Definition of LFI (Local File Inclusion)
Privilege Escalation Type
Generally, an increase in privilege is a type of activity when a hacker exploits a bug, takes advantage of a misconfiguration and programming, or uses any vulnerability in a system or application to gain elevated access to protected resources.
Typically, this occurs when an attacker has performed reconnaissance and managed to compromise the system by gaining access to a low-level account. In this stage, the attacker wants to have a firm grip on the system and is looking for ways to increase privileges, either to learn more about the system or to learn more about the system. carry out the attack. There are two types of privilege escalation:
Privilege Escalation Horizontal
Horizontal Privilege Escalation applies to all situations where an attacker acts as a specific user and gains access to resources belonging to another user with the same access level. For example, if an attacker impersonates a user and gains unauthorized access to their bank account, this is an example from horizontal privilege escalation.
Many web vulnerabilities can cause horizontal privilege escalation. For example, such as Cross-site Scripting (XSS) attacks can allow attackers to steal user session cookies to access their user accounts. CSRF attacks are also an example of horizontal privilege escalation.
Vertical Escalation Privilege
Vertical Escalation Privilege is often referred to as privilege elevation. This applies to all situations where an attacker gains higher privileges, most often root privileges (administrative privileges).
Here, a malicious user gains access to a lower-level account and uses it to gain higher-level privileges. For example, a hacker could compromise a user's internet bank account and then try to gain access to the site's administration functions.
Vertical privilege escalation requires more sophisticated attack techniques than horizontal privilege escalation, such as hacking tools that help attackers gain higher access to systems and data.
How Do Privilege Escalation Attacks Happen?
Attackers who try to perform unauthorized actions and gain high-level privileges often use what is called a privilege escalation exploit. An exploit is a piece of code with the aim of releasing a specific payload. A payload will focus on a known weakness in an operating system or software component. Â
Privilege escalation exploit execution will later allow them to steal or corrupt data, disrupt operations or set persistence on the network to carry out further attacks. A privilege escalation attack consists of five steps:
1. Find vulnerabilities
2. Create the associated privilege escalation exploit
3. Use exploit on the system
4. Check if exploit system successfully
5. Get additional privileges
Privilege Escalation Example
The attacker's goal in a privilege escalation attack is to gain high-level privileges (eg root privileges) and make their way to a system. There are several privilege escalation techniques that attackers use to achieve this. Here are three examples of the most common privilege escalation attacks. :
Access Token Manipulation
Takes advantage of the way Microsoft Windows manages administrator rights. Typically, Windows uses an access token to determine the owner of a running process. With token manipulation, an attacker fools the system into believing the running process belongs to a different user than the one that actually started the process. . When this happens, the process retrieves the security context associated with the attacker's access token. This is a form of vertical privilege escalation.
Bypass User Account Control
Windows has a structured mechanism for controlling user rights called User Account Control (UAC) that serves as a barrier between normal users and administrators, restricting standard user permissions until the administrator authorizes increased privileges.
However, if the UAC protection level on the computer is not configured correctly, some Windows programs will be allowed to increase privileges or execute Component Object Model (COM) objects without first asking administrator permission. For example, rundll32.exe can load the Dynamic Link Library. (DLL) containing privileged COM objects, allowing attackers to bypass UAC and gain access to protected directories.
Using Valid Account
Attackers gain unauthorized access to administrators or users with elevated privileges and use them to log into sensitive systems or create their own login credentials.
How to Prevent This Attack?
One of the simplest, but most effective ways to avoid this threat is to change administrative account passwords regularly and enforce strong password policies, for example ensuring that local administrator accounts have complex passwords that are unique across all systems.
It's also important to monitor what's happening in your IT environment to detect techniques such as Credential Dumping. Limit overlapping credentials across systems to reduce the risk of further unauthorized access if an adversary obtains account credentials, and don't put domain admin or admin accounts on local administrators group unless strictly controlled. Finally, you need to monitor user behavior and keep an eye on what level of permissions each user has to quickly detect enemy activity.
Conclusion
So what is privilege escalation? Attacks to gain privileges are used to access something that should not be accessible. Attackers use various privilege escalation techniques to access unauthorized resources.
To avoid privilege escalation attacks, you should regularly find and restore your system's security vulnerabilities, strictly regulate privileges, and always perform security monitoring to find out what is happening on your network.
Hopefully, this article about What is Privilege Escalation?, gives you a little insight. Also, read an article about What is Programming? that you may need to know. Thank you.