Introduction to Linux Privilege Escalation

What does "privilege escalation" mean?

Privilege escalation is a journey. There are no silver bullets, and much depends on the specific configuration of the target system. The kernel version, installed applications, supported programming languages, and other users' passwords are a few key elements that will affect your road to the root shell.

For authorized users on Linux, privilege escalation allows elevated access to complete a specific task or make system configuration modifications.

On Linux, this is typically done via the sudo (Super User DO) command that enables condition-based privilege elevation for user accounts. To use sudo privilege elevation, you simply precede the command with sudo, which will then execute the command as a super-user.

Types of Privilege Escalation

• Vertical privilege escalation
• Horizontal privilege escalation

Vertical privilege escalation is when an attacker compromises a user account that has limited shell permissions on a system. They then look for ways to increase their privileges using the same account. For example, they might add the compromised account to the sudoers file so they can execute commands as the super-user account or use the special permission bit set by setuid and setgid to execute an executable as a privileged user.

Horizontal privilege escalation is when an attacker gains access to another user on the system with higher privileges than the initial one used to gain their initial shell. With higher-level privileges, an attacker can move freely around the network without detection.