Daemon Of Hacking

Privilege Escalation

Introduction

Privilege escalation refers to gaining higher-level access within a system, such as moving from a standard user to an administrative or root user, allowing more control over the system.

When working on a compromised system, we often need to escalate our privileges. This means gaining higher-level access to perform more impactful actions and gather sensitive information. But why would we need to escalate privileges?

  • Password hashes: Some password hashes are only accessible to privileged users, such as the root user on Linux. By escalating our privileges, we can retrieve these hashes and attempt to crack them, giving us access to user accounts.

  • Certificates: If we want to authenticate to another system, sometimes we need certificates that are only available to privileged users. Escalating privileges helps us access those certificates.

  • Token attacks: We may want to steal tokens from other users or systems, which can be used to impersonate them and access their resources.

  • Impersonation: By obtaining root-level access, we can impersonate any user on the system, gaining access to their data and privileges across connected systems.


Last updated 7 months ago
