Privilege Escalation - From User to Admin Access
About 2 min read
Privilege escalation is an attack technique in which an attacker illegitimately gains administrator or system privileges from an ordinary user account. The attacker first breaks into a system with low privileges and then exploits vulnerabilities in the OS or applications to escalate those privileges. Once administrator privileges are obtained, the entire system falls under the attacker's control. In 2024, multiple privilege escalation vulnerabilities were reported in the Linux kernel and Windows, renewing awareness of the importance of applying patches promptly.
Real-World Use Cases
"During a penetration test, after gaining access from an ordinary user account, we were able to obtain root privileges by exploiting an unpatched kernel vulnerability. There was a three-month delay in applying patches, and the risk of privilege escalation has materialized."
The Privilege Escalation Flow
Types of Privilege Escalation
Vertical privilege escalation is the escalation from an ordinary user to administrator privileges, and it is the most serious. Horizontal privilege escalation is a technique for accessing the account of another user at the same privilege level. Kernel vulnerabilities, misconfigured SUID bits, and improper permission settings on password files are among the things that get exploited.privilege escalation books on Amazon will help you learn attack techniques and countermeasures.
A Real Attack Scenario
In a typical scenario, an attacker infects an ordinary employee's PC with malware via a phishing email and then uses that PC to break into the internal network. Next, they exploit a vulnerability in an unpatched server to obtain local administrator privileges, and then escalate further to administrator privileges on the domain controller, carrying out a multi-stage attack. In the 2017 WannaCry incident, privilege escalation that exploited a Windows SMB vulnerability spread damage around the world. Privilege escalation is also a crucial step in a supply chain attack.
Countermeasures
The basic principle is to follow the principle of least privilege and grant users only the minimum privileges they need. Set an especially strong, random password for administrator accounts and always enable multi-factor authentication. It is also important to apply OS and software updates promptly and to fix known vulnerabilities. By adopting zero trust security, you can limit the scope of impact of a privilege escalation.zero trust security books (Amazon) are also a helpful reference.
Was this article helpful?