
What are User Privileges in Ethical Hacking?


Ever wondered why you aren’t able to make changes (moving, deleting) to some files/folders as a normal user on your system? It is because some files/folders are set up so that only the Administrator or Super User can access them, i.e. only the System Administrator is allowed to make changes.

As a simple example, a normal user is prevented from making changes to Operating System files, but the administrator is allowed to do so because it is part of maintaining a system.

There is, however, a term called Privilege Escalation, which basically means elevating the privileges of a normal user to those of the Administrator or Super-User by providing the password.

This can be done with this command in the terminal.

sudo su

After entering this command, you’ll be prompted to enter the administrator’s password.

Note: You will not see the password being typed for security reasons.

This also gives rise to a number of potential cyber attacks, in which the attacker exploits a bug, obtains high-level privileges, and performs unauthorized actions that are often harmful to the client or the institution. These are also called privilege escalation exploits.
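As an added example (not part of the original article), the following Python script shows how a defender can review sudo log entries for `sudo su`-style root shells, failed password attempts, and users who are not in sudoers. The log lines, host names and user names are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample lines in the format sudo writes to /var/log/auth.log
# (host, users and timestamps are made up for this example).
SAMPLE_LOG = """\
Jun 15 10:02:11 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/su
Jun 15 10:03:30 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Jun 15 10:05:42 web01 sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/su
Jun 15 10:07:00 web01 sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/su
Jun 15 10:09:15 web01 sshd[812]: Accepted password for alice from 10.0.0.5 port 50122 ssh2
"""

SUDO_LINE = re.compile(r"sudo:\s+(?P<user>\S+) : (?P<fields>.*)$")
ROOT_SHELLS = {"su", "bash", "sh", "zsh"}  # commands that yield an interactive root shell


def classify(line):
    """Return (user, finding) for a sudo log line worth reviewing, else None."""
    m = SUDO_LINE.search(line)
    if not m:
        return None  # not a sudo entry (e.g. the sshd line)
    user = m["user"]
    parts = [p.strip() for p in m["fields"].split(" ; ")]
    kv = dict(p.split("=", 1) for p in parts if "=" in p)   # TTY, PWD, USER, COMMAND
    notes = [p for p in parts if "=" not in p]              # e.g. "3 incorrect password attempts"
    if any("incorrect password" in n for n in notes):
        return user, "failed-auth"
    if any("NOT in sudoers" in n for n in notes):
        return user, "not-in-sudoers"
    argv = kv.get("COMMAND", "").split()
    binary = argv[0].rsplit("/", 1)[-1] if argv else ""
    if kv.get("USER") == "root" and binary in ROOT_SHELLS:
        return user, "root-shell"
    return None  # ordinary single-command sudo use


def review(log_text):
    """Collect findings from a whole log, preserving line order."""
    return [f for f in map(classify, log_text.splitlines()) if f]


if __name__ == "__main__":
    for user, finding in review(SAMPLE_LOG):
        print(f"{finding:15} {user}")
```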

Steps of Privilege Escalation Attacks:

Generally, this type of attack is preceded by reconnaissance and some steps included are:

There are various possible techniques for performing a Privilege Escalation Attack. One of them is that attackers can use Credential Harvesting or Social Engineering techniques to obtain the credentials of a particular user. As soon as attackers get into the institute’s network, they use the compromised credentials and bypass access controls hence the attacker gained. There are many other possible techniques to perform a Privilege Escalation Attack.

To prevent these types of attacks, you may refer to Prevent Broken Access Control.


Last Updated : 15 Jun, 2022