Different Methods of Privilege Escalation on Linux and Windows Machine
Keywords:
Escalation, Penetration, Non-privileged, Vulnerabilities
Abstract
During a penetration test, we often gain an initial foothold on a system as a standard or non-privileged user. In these cases, we generally seek to gain additional access rights before we can demonstrate the full impact of the compromise. This process is referred to as privilege escalation, and it is a necessary skill because "direct-to-root" compromises are arguably rare in modern environments. In this research, we assume we have gained non-privileged user access on a Windows-based and a Linux-based target and demonstrate privilege escalation techniques on those targets. While every target can be considered unique due to differences in OS versions, patching levels, and various other factors, there are some common escalation approaches. To leverage these, we will search for misconfigured services, insufficient file permission restrictions on binaries or services, direct kernel vulnerabilities, vulnerable software running with high privileges, sensitive information stored in local files, registry settings that always elevate privileges before executing a binary, installation scripts that may contain hard-coded credentials, and many others.