Privilege Escalation
The exploitation of vulnerabilities or misconfigurations to gain elevated access levels beyond what was initially authorized.
What is Privilege Escalation?
Privilege escalation is the act of exploiting a bug, design flaw, or configuration oversight to gain elevated access to resources normally protected from an application or user. It's a critical step in most attack chains.
Types of Privilege Escalation
Vertical (Elevation):
- Moving from lower to higher privilege level
- User to administrator
- Admin to system/root
- Most common and dangerous
Horizontal:
- Accessing resources of another user at the same privilege level
- User A accessing User B's data
- Often a stepping stone to vertical escalation
Common Techniques
Windows:
- Unquoted service paths
- DLL hijacking
- Token manipulation
- Exploiting vulnerable services
- UAC bypass
Linux:
- SUID/SGID misconfigurations
- Sudo misconfigurations
- Kernel exploits
- Cron job exploitation
- Writable scripts in PATH
Detection and Prevention
- Regular vulnerability patching
- Principle of least privilege
- Monitor for privilege changes
- Audit service configurations
- Review file permissions
- Endpoint detection tools
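To make the "review file permissions" and "audit service configurations" items concrete for the Linux techniques listed above, here is an added POSIX shell audit script (not part of this glossary entry) that looks for SUID/SGID binaries, world-writable cron-style scripts, and world-writable PATH directories. Every path it touches is a constructed sandbox under a temporary directory, so it runs offline; point the functions at `/`, `/etc/cron.d` and `$PATH` on a real host.

```shell
#!/bin/sh
# Defender-side audit for three Linux escalation vectors:
# SUID/SGID binaries, world-writable cron scripts, and world-writable PATH dirs.

# List regular files with the setuid or setgid bit under $1.
find_suid_sgid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# List world-writable regular files under $1 (e.g. a cron script directory).
# A low-privilege user can edit such a script and wait for root's cron to run it.
find_world_writable_files() {
    find "$1" -type f -perm -0002 2>/dev/null | sort
}

# Given a PATH-style string in $1, print each existing directory that is
# world-writable; anyone can drop a binary there that a privileged process may
# pick up. Runs in a subshell so the IFS change does not leak to the caller.
audit_path_dirs() (
    IFS=:
    for dir in $1; do
        [ -d "$dir" ] || continue
        find "$dir" -prune -perm -0002 2>/dev/null
    done
)

# Build a constructed sandbox (assumption: mktemp -d is available) that
# contains one instance of each misconfiguration, and print its root path.
build_sandbox() {
    root=$(mktemp -d)
    mkdir -p "$root/bin" "$root/cron.d" "$root/pubdir"
    chmod 0755 "$root/bin" "$root/cron.d"
    printf '#!/bin/sh\n' > "$root/bin/backup"
    chmod 4755 "$root/bin/backup"        # constructed SUID binary
    printf '#!/bin/sh\n' > "$root/cron.d/nightly"
    chmod 0666 "$root/cron.d/nightly"    # constructed world-writable cron script
    chmod 0777 "$root/pubdir"            # constructed world-writable PATH directory
    printf '%s' "$root"
}

# Stand-alone run against the sandbox.
sandbox=$(build_sandbox)
echo "SUID/SGID files:";      find_suid_sgid "$sandbox"
echo "World-writable cron:";  find_world_writable_files "$sandbox/cron.d"
echo "World-writable PATH:";  audit_path_dirs "$sandbox/bin:$sandbox/pubdir:/nonexistent"
rm -rf "$sandbox"
```

On a real host the SUID list will be long; compare it against the distribution's package manifest and flag anything unexpected rather than treating every hit as a finding.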