Privilege Escalation

Verified by Precogs Threat Research
Security Guide A01:2025

What is Privilege Escalation?

Privilege escalation is the act of exploiting a vulnerability to gain elevated access to resources that are normally protected from an application or user. Vertical escalation gains higher privileges (user to admin). Horizontal escalation accesses resources of another user at the same privilege level.

How Does it Work?

Vertical: exploiting kernel vulnerabilities, misconfigurations (SUID binaries, writable PATH), or CVEs to gain root/admin. Horizontal: exploiting IDOR, broken access controls, or session management flaws to access other users' data. Both are post-initial-access techniques.

# Common Linux Privilege Escalation Techniques

# 1. Find SUID binaries
find / -perm -u=s -type f 2>/dev/null

# 2. Check for writable PATH directories (quote $PATH so entries with spaces are not split)
echo "$PATH" | tr ':' '\n' | xargs -I{} ls -ld {}

# 3. Check for misconfigured sudoers
sudo -l

# 4. Kernel exploit (Dirty Pipe example)
# CVE-2022-0847: Allows unprivileged users to overwrite root-owned files

Real-World Examples

The PrintNightmare vulnerability (CVE-2021-34527) allowed privilege escalation to SYSTEM on any Windows machine. Linux Dirty Pipe (CVE-2022-0847) enabled unprivileged users to overwrite root-owned files. Many APT campaigns chain initial access with privilege escalation.

Security Impact

Privilege escalation converts limited access to full system compromise. Attackers use it to install rootkits, access sensitive data, disable security controls, and establish persistence for long-term campaigns.

Prevention & Mitigation

Apply least privilege principles. Keep systems patched. Audit SUID/SGID binaries. Use mandatory access controls (SELinux/AppArmor). Implement proper authorization checks at every level. Monitor for privilege escalation indicators.
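The audit steps above (SUID/SGID review, writable PATH directories, monitoring for indicators) can be automated from the defender's side. The following is an added example, not Precogs' or the page's own code: it scans a tree for setuid/setgid files, diffs them against an approved baseline, and flags PATH entries an unprivileged user could plant binaries in. The directory tree, baseline and PATH value in `run_demo()` are constructed in a temporary directory for illustration.

```python
import os
import stat
import tempfile

SETID_BITS = stat.S_ISUID | stat.S_ISGID

def find_setid_files(root):
    """Regular files under root with the setuid or setgid bit set
    (the equivalent of `find / -perm -u=s -type f 2>/dev/null`)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # unreadable or vanished, like 2>/dev/null
            if stat.S_ISREG(st.st_mode) and st.st_mode & SETID_BITS:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def unexpected_setid(root, baseline):
    """setuid/setgid files not on the approved baseline (paths relative to root)."""
    approved = set(baseline)
    return [p for p in find_setid_files(root) if p not in approved]

def writable_path_dirs(path_value):
    """PATH entries an unprivileged user can drop binaries into: world-writable
    directories, plus empty or relative entries that resolve against the cwd."""
    risky = []
    for entry in path_value.split(":"):
        if not os.path.isabs(entry):
            risky.append((entry or "(empty)", "relative entry"))
        elif os.path.isdir(entry) and os.stat(entry).st_mode & stat.S_IWOTH:
            risky.append((entry, "world-writable"))
    return risky

def run_demo():
    """Build a constructed (not real) tree in a temp dir and audit it."""
    root = tempfile.mkdtemp(prefix="privesc-audit-")
    for rel, mode in (("usr/bin/passwd", 0o4755),   # expected, on baseline
                      ("opt/app/helper", 0o4755),   # unexpected SUID binary
                      ("usr/bin/ls", 0o755)):       # ordinary binary
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
        os.chmod(full, mode)
    os.chmod(os.path.join(root, "usr/bin"), 0o755)  # sane directory
    os.chmod(os.path.join(root, "opt/app"), 0o777)  # world-writable directory
    path_value = ":".join([os.path.join(root, "usr/bin"),
                           os.path.join(root, "opt/app"), ""])  # trailing ':' = cwd
    return {"unexpected_setid": unexpected_setid(root, ["usr/bin/passwd"]),
            "risky_path": writable_path_dirs(path_value)}
```

Running the baseline diff from a scheduled job and alerting on any new entry turns the one-off `find` check above into a continuous indicator of a dropped setuid binary or a loosened directory.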

How Precogs AI Stops Privilege Escalation

Precogs AI detects privilege escalation vectors in compiled binaries: unsafe SUID usage, missing authorization checks, kernel vulnerability patterns, and misconfigured access controls in firmware and applications.

Related CWE Entries