Privilege Escalation(Linux)

Linux user ID is ‘root‘.

LINUX-SPECIFIC PRIVILEGE ESCALATION

• SUID/SGID programs
  • Permission to execute a program as executable‘s owner/group
  • ls shows ‘s‘ in executable bit of permissions
    • -r-sr-sr-x(SUID and SGID set)
• Unsecure SUDO
  • Authorized users execute commands as if logged in a root
• Ret2libc
  • Stack overflow attack
  • Replaces current stack return address with attacker-chosen address of another subroutine
  • Libc includes useful calls, such as ‘system‘
• Sticky bits
  • Directory permission
  • Multiple users can create, read, and write files, but only the owner can delete
  • ls shows ‘t‘ in the last bit of permissions
    • drwxrwxrwt

QUICK REVIEW

• SUID/SGID and sudo make systems easier to use, but can make them easier to compromise
• Ret2libc is a potential attack vector for hijacking processes
• Sticky bit directories can allow attackers to write files and executables

Penetration Test - Select Your Attacks(14)

原文：https://www.cnblogs.com/keepmoving1113/p/13906862.html