Privilege Escalation Techniques

Book description

Escalate your privileges on Windows and Linux platforms with step-by-step instructions and deepen your theoretical foundations

Key Features

  • Discover a range of techniques to escalate privileges on Windows and Linux systems
  • Understand the key differences between Windows and Linux privilege escalation
  • Explore unique exploitation challenges in each chapter provided in the form of pre-built VMs

Book Description

Privilege Escalation Techniques is a detailed guide to privilege escalation techniques and tools for both Windows and Linux systems. This is a one-of-a-kind resource that will deepen your understanding of both platforms and provide detailed, easy-to-follow instructions for your first foray into privilege escalation.

The book uses virtual environments that you can download to test and run tools and techniques. After a refresher on gaining access and surveying systems, each chapter will feature an exploitation challenge in the form of pre-built virtual machines (VMs). As you progress, you will learn how to enumerate and exploit a target Linux or Windows system. You'll then get a demonstration of how you can escalate your privileges to the highest level.

By the end of this book, you will have gained all the knowledge and skills you need to be able to perform local kernel exploits, escalate privileges through vulnerabilities in services, maintain persistence, and enumerate information from the target such as passwords and password hashes.

What you will learn

  • Understand the privilege escalation process and set up a pentesting lab
  • Gain an initial foothold on the system
  • Perform local enumeration on target systems
  • Exploit kernel vulnerabilities on Windows and Linux systems
  • Perform privilege escalation through password looting and finding stored credentials
  • Get to grips with performing impersonation attacks
  • Exploit Windows services such as the secondary logon handle service to escalate Windows privileges
  • Escalate Linux privileges by exploiting scheduled tasks and SUID binaries

Who this book is for

If you're a pentester or a cybersecurity student interested in learning how to perform various privilege escalation techniques on Windows and Linux systems – including exploiting bugs and design flaws – then this book is for you. You'll need a solid grasp of how Windows and Linux systems work along with fundamental cybersecurity knowledge before you get started.

Table of contents

  1. Privilege Escalation Techniques
  2. Contributors
  3. About the author
  4. About the reviewer
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Code in Action
    5. Download the color images
    6. Conventions used
    7. Get in touch
    8. Share Your Thoughts
  6. Section 1: Gaining Access and Local Enumeration
  7. Chapter 1: Introduction to Privilege Escalation
    1. What is privilege escalation?
    2. How permissions and privileges are assigned
      1. Horizontal privilege escalation
      2. Vertical privilege escalation
    3. Understanding the differences between privilege escalation on Windows and Linux
      1. Windows security
      2. Linux security
    4. Exploring the types of privilege escalation attack
      1. Kernel exploits
      2. Exploiting SUID binaries
      3. Exploiting vulnerable services and permissions
      4. Insecure credentials
      5. Exploiting SUDO
    5. Summary
  8. Chapter 2: Setting Up Our Lab
    1. Technical requirements
    2. Designing our lab
      1. Virtualization
      2. Hypervisors
      3. Lab structure
    3. Building our lab
      1. Installing and configuring VirtualBox
      2. Configuring a virtual network
      3. Setting up our target virtual machines
    4. Setting up Kali Linux
      1. Putting it all together
    5. Summary
  9. Chapter 3: Gaining Access (Exploitation)
    1. Technical requirements
    2. Setting up Metasploit
      1. The Metasploit structure
      2. Setting up the Metasploit framework
    3. Information gathering and footprinting
      1. Network mapping with Nmap
      2. Vulnerability assessment
    4. Gaining access
      1. Exploiting Metasploitable3
      2. Exploiting Metasploitable2
    5. Summary
  10. Chapter 4: Performing Local Enumeration
    1. Technical requirements
    2. Understanding the enumeration process
    3. Windows enumeration
      1. System enumeration
      2. User and group enumeration
      3. Network enumeration
      4. Password enumeration
      5. Firewall and antivirus enumeration
      6. Automated enumeration tools
    4. Linux enumeration
      1. System enumeration
      2. User and group enumeration
      3. Network enumeration
      4. Automated enumeration tools
    5. Summary
  11. Section 2: Windows Privilege Escalation
  12. Chapter 5: Windows Kernel Exploits
    1. Technical requirements
    2. Understanding kernel exploits
      1. What is a kernel?
      2. Windows NT
      3. The Windows kernel exploitation process
    3. Kernel exploitation with Metasploit
    4. Manual kernel exploitation
      1. Local enumeration
      2. Transferring files
      3. Enumerating kernel exploits
      4. Compiling Windows exploits
      5. Running the kernel exploit
    5. Summary
  13. Chapter 6: Impersonation Attacks
    1. Technical requirements
    2. Understanding Windows access tokens
      1. Windows access tokens
      2. Token security levels
      3. Abusing tokens
    3. Enumerating privileges
    4. Token impersonation attacks
      1. Potato attacks overview
    5. Escalating privileges via a Potato attack
      1. Manual escalation
    6. Summary
  14. Chapter 7: Windows Password Mining
    1. Technical requirements
    2. What is password mining?
    3. Searching for passwords in files
    4. Searching for passwords in Windows configuration files
    5. Searching for application passwords
    6. Dumping Windows hashes
      1. SAM database
      2. LM and NTLM hashing
    7. Cracking Windows hashes
      1. Cracking Windows hashes with John the Ripper
      2. Authentication
    8. Summary
  15. Chapter 8: Exploiting Services
    1. Technical requirements
    2. Exploiting services and misconfigurations
    3. Exploiting unquoted service paths
    4. Exploiting secondary logon
    5. Exploiting weak service permissions
    6. DLL hijacking
      1. Setting up our environment
      2. The DLL exploitation process
    7. Summary
  16. Chapter 9: Privilege Escalation through the Windows Registry
    1. Technical requirements
    2. Understanding the Windows Registry
      1. What is the Windows Registry?
      2. How the Windows Registry stores data
    3. Exploiting Autorun programs
    4. Exploiting the Always Install Elevated feature
    5. Exploiting weak registry permissions
    6. Summary
  17. Section 3: Linux Privilege Escalation
  18. Chapter 10: Linux Kernel Exploits
    1. Technical requirements
    2. Understanding the Linux kernel
      1. Understanding the Linux kernel exploitation process
      2. Setting up our environment
    3. Kernel exploitation with Metasploit
    4. Manual kernel exploitation
      1. Local enumeration tools
      2. Transferring files
      3. Enumerating system information
      4. Enumerating kernel exploits
      5. Running the kernel exploit
    5. Summary
  19. Chapter 11: Linux Password Mining
    1. Technical requirements
    2. What is password mining?
      1. Setting up our environment
    3. Extracting passwords from memory
    4. Searching for passwords in configuration files
      1. Searching for passwords
      2. Transferring files
    5. Searching for passwords in history files
    6. Summary
  20. Chapter 12: Scheduled Tasks
    1. Technical requirements
    2. Introduction to cron jobs
      1. The crontab file
    3. Escalation via cron paths
      1. Enumeration with linPEAS
      2. Transferring files
      3. Finding cron jobs with linPEAS
      4. Escalating privileges via cron paths
    4. Escalation via cron wildcards
    5. Escalation via cron file overwrites
    6. Summary
  21. Chapter 13: Exploiting SUID Binaries
    1. Technical requirements
    2. Introduction to filesystem permissions on Linux
      1. Changing permissions
      2. Understanding SUID permissions
    3. Searching for SUID binaries
      1. Searching for SUID binaries manually
      2. Searching for SUID binaries with linPEAS
      3. Identifying vulnerable SUID binaries
    4. Escalation via shared object injection
    5. Summary
    6. Why subscribe?
  22. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts

Product information

  • Title: Privilege Escalation Techniques
  • Author(s): Alexis Ahmed
  • Release date: November 2021
  • Publisher(s): Packt Publishing
  • ISBN: 9781801078870