The fastest way to become the system administrator is to steal it. In this video, you’ll learn how privilege escalation can instantly take you from zero to user 0.
Privilege escalation is a type of vulnerability you really don’t want to have on your systems. This is when a person is able to gain a higher level of access to the system than their authentication allows. It is usually based on the exploitation of an existing vulnerability, or it might be related to a bug or a design flaw in an application or an operating system. When we talk about a higher level of access to a system, you might be a user in shipping and receiving or in accounting, and all of the resources you have access to are based on your job in shipping and receiving or your job in accounting.
When you perform a privilege escalation, however, you gain more access to the system. Very often these privilege escalations allow complete access to the system, which is an obvious concern for a system administrator. Because of the dramatic access that someone gains by performing a privilege escalation, these are the types of problems you want to patch very quickly. They’re usually released as critical or high-priority patches to an operating system or an application, because if somebody does perform this privilege escalation, they may effectively become the administrator of that system.
This doesn’t always have to be the case, of course. Some privilege escalations are horizontal: you are in shipping and receiving and you perform a privilege escalation that gives you access to accounting, but it doesn’t necessarily give you access to the entire system. A privilege escalation is generally something you can find and patch very quickly. It’s related to a bug or a vulnerability, and it’s something you can resolve by updating some software.
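The shipping-versus-accounting scenario above is the textbook horizontal escalation: the application authenticates the user but never checks whether the record requested belongs to that user's department. The following is an added example, not code from the video or from Professor Messer; the `User` class, the `RECORDS` dictionary, the audit log and all names and record ids are constructed for illustration. It places a vulnerable lookup next to a hardened one that enforces the department boundary and logs denied attempts so a monitoring team can see cross-department probing.

```python
from dataclasses import dataclass
from typing import List

@dataclass(frozen=True)
class User:
    name: str
    department: str
    is_admin: bool = False  # reaching this flag without being granted it would be a vertical escalation

# Constructed sample records; each record belongs to exactly one department.
RECORDS = {
    101: {"department": "shipping", "body": "pallet manifest 2024-11"},
    202: {"department": "accounting", "body": "quarter-end ledger"},
}

# Constructed audit trail: denied requests are recorded so that a shipping user
# walking through accounting record ids shows up in monitoring.
AUDIT_LOG: List[str] = []

def fetch_record_vulnerable(user: User, record_id: int) -> str:
    """Authenticates (the caller must be a User) but never authorises.
    Any logged-in user can read any record id: a horizontal privilege escalation."""
    return RECORDS[record_id]["body"]

def fetch_record(user: User, record_id: int) -> str:
    """Hardened version: the record's department must match the caller's,
    unless the caller is an administrator."""
    record = RECORDS.get(record_id)
    if record is None:
        raise KeyError(f"no record {record_id}")
    if not (user.is_admin or user.department == record["department"]):
        AUDIT_LOG.append(
            f"DENY user={user.name} dept={user.department} "
            f"record={record_id} owner_dept={record['department']}"
        )
        raise PermissionError(f"{user.name} may not read record {record_id}")
    return record["body"]

def demo() -> dict:
    """Run a shipping user against both lookups and report what each allowed."""
    AUDIT_LOG.clear()
    shipping = User("dana", "shipping")
    results = {
        "vulnerable_cross_dept": fetch_record_vulnerable(shipping, 202),  # accounting data leaks
        "hardened_own_dept": fetch_record(shipping, 101),                 # own department still works
    }
    try:
        fetch_record(shipping, 202)
        results["hardened_cross_dept"] = "allowed"
    except PermissionError:
        results["hardened_cross_dept"] = "denied"
    results["audit_entries"] = len(AUDIT_LOG)
    return results

if __name__ == "__main__":
    print(demo())
    print(AUDIT_LOG)
```

The check is deliberately performed on the record's own department field rather than on anything the client sends, so a tampered request parameter cannot widen the caller's access.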
You might also want to update your anti-virus or anti-malware software. There are known vulnerabilities that those applications are able to stop even if you haven’t patched your system. There’s a function in certain operating systems that can help you as well. This is called data execution prevention (DEP). This means that a section of memory is set aside so that executable software can run there.
Other sections of memory are allocated as non-executable. So if somebody does try to take advantage of a vulnerability and it’s in a part of memory that is not allowed to execute, that particular vulnerability will not work. Many operating systems also have a function called address space layout randomization (ASLR), where applications may execute in different places in memory at different times. This means the bad guys can’t focus on a very specific memory address, because they never know where the application may be executing.
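Both mitigations only help a program that opts into them, so a practical check for a defender is whether a given binary was built to take advantage of them. The following is an added example, not code from the video or from Professor Messer, and it covers the Linux ELF case only (the Windows equivalents live in PE header flags and are not shown). The function names `inspect_elf`, `inspect_path` and `build_sample_elf` are assumptions made here; the ELF constants are the standard ones. It reads the ELF header to see whether the image is position-independent (`ET_DYN`, which lets the loader randomize its base under ASLR) and whether its `PT_GNU_STACK` entry asks for a non-executable stack (the DEP/NX side), and it builds a constructed, non-loadable ELF image so the checker can be exercised offline.

```python
import struct
import sys
from typing import Dict, Optional

PT_GNU_STACK = 0x6474E551   # program header that records the requested stack permissions
PF_X = 0x1                  # executable bit in p_flags
ET_EXEC, ET_DYN = 2, 3      # fixed-address executable vs position-independent (relocatable at load)

def inspect_elf(data: bytes) -> Dict[str, bool]:
    """Report whether a 64-bit little-endian ELF image opts into the two mitigations.

    pie:      e_type is ET_DYN, so the loader may place the image at a random base (ASLR).
              Shared libraries are ET_DYN as well, so for a library this just means "relocatable".
    nx_stack: a PT_GNU_STACK header is present and does not request PF_X (DEP/NX for the stack).
              A missing header is reported as False because nothing proves the stack is non-executable.
    """
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only 64-bit little-endian ELF is handled here")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)

    nx_stack = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags = struct.unpack_from("<II", data, off)
        if p_type == PT_GNU_STACK:
            nx_stack = not (p_flags & PF_X)
    return {"pie": e_type == ET_DYN, "nx_stack": nx_stack}

def inspect_path(path: str) -> Dict[str, bool]:
    """Inspect an ELF file on disk."""
    with open(path, "rb") as fh:
        return inspect_elf(fh.read())

def build_sample_elf(e_type: int, stack_flags: Optional[int]) -> bytes:
    """Constructed minimal ELF64 image: a header plus, optionally, one PT_GNU_STACK entry.
    It cannot be executed; it exists only so the checker can be tested without a real binary."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELFCLASS64, little-endian, version 1
    phnum = 0 if stack_flags is None else 1
    header = ident + struct.pack(
        "<HHIQQQIHHHHHH",
        e_type, 0x3E, 1,      # e_type, e_machine (x86-64), e_version
        0, 64, 0,             # e_entry, e_phoff (table starts right after the header), e_shoff
        0, 64, 56, phnum,     # e_flags, e_ehsize, e_phentsize, e_phnum
        64, 0, 0,             # e_shentsize, e_shnum, e_shstrndx
    )
    if stack_flags is None:
        return header
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 0)
    return header + phdr

if __name__ == "__main__":
    # With no argument, inspect the running Python interpreter itself.
    target = sys.argv[1] if len(sys.argv) > 1 else sys.executable
    print(target, inspect_path(target))
```

A result of `{'pie': False, 'nx_stack': False}` on a production binary is the kind of finding that belongs in a hardening backlog: the program still runs, but it has given up the protection the video describes.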