Views

Linux Privilege Escalation

2 Global Definition

Linux Privilege Escalation is the process of exploiting vulnerabilities, misconfigurations, or weak permissions on a Linux system to gain higher privileges. The goal is often to escalate from a low-level user account to root, which provides unrestricted access to the system. This is a key step in post-exploitation for attackers and red teamers.

2.1 Common Attack Vectors

  • Kernel Exploits: Taking advantage of vulnerabilities in the Linux Kernel. Example: Dirty COW (CVE-2016-5195).
  • SUID Binaries: Abusing misconfigured SUID executables to execute commands as root.
  • Weak File Permissions: Reading sensitive files like /etc/shadow or modifying configuration files.
  • Credential Reuse: Discovering stored passwords in config files.
  • Exploiting Cron Jobs: Hijacking automated cron tasks running with elevated privileges.
  • Exploiting Capabilities: Abusing Linux capabilities assigned to binaries.

2.2 Real-World Impact

  • Root Access: Full control over the operating system, bypassing all restrictions.
  • Data Theft: Access to sensitive files such as SSH keys, password hashes, and system configs.
  • Lateral Movement: Attackers can pivot to other machines using stolen SSH credentials.
  • Persistence: Inserting rootkits, backdoors, or modifying startup scripts for long-term control.

2.3 Exploitation Techniques

  • Kernel Exploitation: Running public exploits for vulnerable Linux versions. Example: exploit-db/linux/local/.
  • Misconfigured Sudo: If a user has sudo privileges without password, commands can be run as root. Example: sudo /bin/bash.
  • PATH Hijacking: Abusing weak PATH variables to trick root processes into executing malicious binaries.
  • Exploiting Writable Files: Modifying scripts or binaries executed by root.
  • Password Cracking: Extracting password hashes from /etc/shadow and cracking with tools like John the Ripper or Hashcat.

2.4 Defense Strategies

  • Keep Linux distributions updated with the latest security patches.
  • Remove or restrict unnecessary SUID binaries.
  • Use strong file permissions to restrict access to sensitive files.
  • Audit cron jobs and environment variables for abuse potential.
  • Enforce strong authentication and avoid storing passwords in plaintext.
  • Enable monitoring tools like Auditd to detect privilege escalation attempts.

2.5 Why It Matters

Linux privilege escalation is one of the most crucial skills for attackers, penetration testers, and defenders. Since Linux powers most servers and critical infrastructure, attackers who gain root can fully compromise services, steal sensitive data, and establish long-term persistence. By studying these techniques, defenders can harden Linux systems against real-world attacks.

Share and Join the Discussion

You need to be logged in to participate in this discussion.

×
×