Penetration Test - Select Your Attacks(14)

Privilege Escalation(Linux)

Linux user ID is 'root'.

LINUX-SPECIFIC PRIVILEGE ESCALATION
  • SUID/SGID programs
    • Permission to execute a program as executable's owner/group
    • ls shows 's' in executable bit of permissions
      • -r-sr-sr-x(SUID and SGID set)
  • Unsecure SUDO
    • Authorized users execute commands as if logged in a root
  • Ret2libc
    • Stack overflow attack
    • Replaces current stack return address with attacker-chosen address of another subroutine
    • Libc includes useful calls, such as 'system'
  • Sticky bits
    • Directory permission
    • Multiple users can create, read, and write files, but only the owner can delete
    • ls shows 't' in the last bit of permissions
      • drwxrwxrwt
QUICK REVIEW
  • SUID/SGID and sudo make systems easier to use, but can make them easier to compromise
  • Ret2libc is a potential attack vector for hijacking processes
  • Sticky bit directories can allow attackers to write files and executables
上一篇:Penetration Test - Select Your Attacks(8)


下一篇:Penetration Test - Select Your Attacks(20)