Privilege Escalation (Linux) – Ansible

Description: Ansible is an open source IT automation tool that automates provisioning, configuration management, application deployment, orchestration, and many other manual IT processes. Unlike more simplistic management tools, Ansible users (such as system administrators, developers and architects) can use Ansible automation to install software, automate daily tasks, provision infrastructure, improve security and compliance, patch systems, and …

Privilege Escalation (Windows) – Pass the hash

Description: A Pass-the-Hash (PtH) attack is a technique whereby an attacker captures a password hash (as opposed to the password characters) and then simply passes it through for authentication and potentially lateral access to other networked systems. The threat actor doesn’t need to decrypt the hash to obtain a plaintext password. PtH attacks exploit the …

Privilege Escalation (Windows) – UsoSvc Service

Description: Update Orchestrator Service (UsoSvc), as the name suggests, is responsible for downloading updates for the operating system and installing them after verification. The service is a very important and essential feature, as the operating system needs to be updated constantly with new security and feature updates. How to identify? Run …

Privilege Escalation (Windows) – Server Operator Group

Description: Members of the Server Operators group can administer domain controllers. The group only exists on domain controllers and has access to server configuration options. Members can perform maintenance tasks (such as backup and restore), and they have the ability to change binaries that are installed on the domain controllers. How to identify? …

Privilege Escalation (Linux) – vi editor

Description: If the ‘vi’ binary can be run with full rights by a normal user, then an adversary can escalate privileges from normal user to root. How to identify? To list the privileges of a normal user, simply type $ sudo -l or run automated scripts like LinEnum.sh, linpeas.sh etc. It clearly says that no password is required to read, write …

Privilege Escalation (Linux) – staff group

Description: Basically, “staff” is a group that exists on Debian systems. It allows users to add local modifications to the system (/usr/local) without needing root privileges (note that executables in /usr/local/bin are in the PATH variable of every user, and they may “override” executables in /bin and /usr/bin with the same name). How to identify …

Privilege Escalation (Windows) – churrasco.exe

Description: The churrasco exploit is similar to the JuicyPotato exploit. In some scenarios the JuicyPotato exploit is not compatible with older systems like Windows Server 2003 or Windows XP. It’s a Windows privilege escalation from “service” accounts to the “NT AUTHORITY\SYSTEM” account. How to identify? Systeminfo of the target machine. Account information of the target machine. Privileges of …

Privilege Escalation (LINUX) – JJS

Description: JJS is an acronym for ‘Java JavaScript’. JJS is a command-line tool to invoke the ‘Nashorn’ engine. This is the recommended tool, created specifically for ‘Nashorn’. To evaluate a script file using Nashorn, pass the name of the script file to the jjs tool. What is the Nashorn engine? Nashorn is the high-performance JavaScript engine …

Privilege Escalation (Linux) – systemctl

Description: systemctl is used to examine and control the state of the “systemd” system and service manager. “systemd” is a system and service manager for Unix-like operating systems (most distributions, not all). As the system boots up, the first process created, i.e. the init process with PID 1, is systemd, which initiates the userspace services; it’s …

Privilege Escalation (Windows) – JuicyPotato.exe

Description: Juicy Potato is an enhanced version of the “Rotten Potato” exploit. It’s a Windows privilege escalation from “service” accounts to the “NT AUTHORITY\SYSTEM” account. How to identify? Operating system: Windows 10, version 1803 and below; Windows Server 2016 and below. Privileges: SeImpersonatePrivilege, SeAssignPrimaryPrivilege, SeTcbPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeCreateTokenPrivilege, SeLoadDriverPrivilege, SeTakeOwnershipPrivilege, SeDebugPrivilege. How does it work? Systeminfo of the …