Escalating Privileges | System Hacking

Escalating privileges is the third step in the hacking cycle. Escalating privileges basically means adding more rights or permissions to a user account. Simply said, escalating privileges makes a regular user account into an administrator account.
Generally, administrator accounts have more stringent password requirements, and their passwords are more closely guarded. If it isn't possible to find a username and password of an account with administrator privileges, a hacker may choose to use an account with lower privileges. In this case, the hacker must then escalate that account's privileges.
This is accomplished by first gaining access using a nonadministrator user account—typically by gathering the username and password through one of the previously discussed methods—and then increasing the privileges on the account to the level of an administrator.
Once a hacker has a valid user account and password, the next step is to execute applications. Generally the hacker needs to have an account with administrator-level access in order to install programs, and that is why escalating privileges is so important. In the following sections, we'll see what hackers can do with your system once they have administrator privileges.

Executing Applications

Once a hacker has been able to access an account with administrator privileges, the next thing they do is execute applications on the target system. The purpose of executing applications may be to install a backdoor on the system, install a keystroke logger to gather confidential information, copy files, or just cause damage to the system—essentially, anything the hacker wants to do on the system.
Once the hacker is able to execute applications, the system is considered owned and under the control of the hacker.

Buffer Overflows

Buffer overflows are hacking attempts that exploit a flaw in an application's code. Essentially, the buffer overflow attack sends too much information to a field variable in an application, which can cause an application error. Most times, the application doesn't know what action to perform next because it's been overwritten with the overflow data. Therefore, it either executes the command in the overflow data or displays a command prompt to allow the user to enter the next command. The command prompt or shell is the key for a hacker and can be used to execute other applications.

No comments:

Post a Comment

Popular Posts