Jump to content

Talk:Privilege escalation

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

Is it only an exploit?

[edit]

Users with unprivileged credentials who properly execute "sudo" (for example) to perform authorised administrative activities are also "escalating privilege". It is not only an exploit or a bug. — Preceding unsigned comment added by 203.6.223.18 (talk) 00:36, 27 April 2015 (UTC)[reply]

I strongly agree. It bugs me every time I see this page refer to it as if it is only used as an exploit/bug. There are many examples of a user's or process's privileges being elevated/escalated by design.
- sudo in general
- GitHub's "sudo mode"
- https://en.wikipedia.org/wiki/Setuid:
> They are often used to allow users on a computer system to run programs with temporarily elevated [escalated] privileges to perform a specific task. While the assumed user id or group id privileges provided are not always elevated, at a minimum they are specific.
Can we please update this article to reflect the many ways privileges may be elevated intentionally and by design? TylerRick (talk) 19:11, 13 September 2023 (UTC)[reply]

Another meaning?

[edit]

I've also heard this term dealing with the fact that many of the individual privileges of a superuser can be used to obtain the others, including the ability to run in kernel mode.

For example, if a Windows program is granted SeDebugPrivilege - the right to debug any process in the system regardless of owner - it can escalate its privilege further by leveraging SeDebugPrivilege. It can use that privilege to open a running LocalSystem (akin to UNIX "root") process, such as winlogon.exe, and inject its own code, escalating its privilege to LocalSystem.

Similarly, the SeTakeOwnership privilege, which allows taking ownership of files without explicit permission, can be used on the Registry to change the Administrator password.

Many Windows privileges allow this sort of escalation, so their closure really ought to be considered a single privilege level. That's the route UNIX took.

-- Myria 07:59, 28 October 2005 (UTC)[reply]

"Horizontal" vs "Vertical" privilege escalation

[edit]

I've cleaned up the content for this concept a bit, but I dispute that there's a such thing as "horizontal privilege escalation", and not just because the term is a bit of an oxymoron.

"Horizontal" escalation means obtaining unauthorized impersonation rights (I know web apps never call it "impersonation"). Impersonation, a capability built in to a variety of reference monitors (including Unix, Win32, and databases) is an elevated privilege. "Horizontal" escalation is just a use case for a specific, limited form of "vertical" privilege escalation.

The content here is valuable; I'm not advocating that we strike it. I'm just saying that we probably shouldn't muddy it with concepts like "vertical and horizontal".

--- tqbf 02:00, 1 January 2008 (UTC)[reply]

I agree the content is valuable but the term itself is confusing. Zeroday (talk) 13:43, 24 February 2008 (UTC)[reply]


Well "horizontal privilege escalation" does exists. And not just in theory....There have been many High profile bank cases to validate the same....

-Meenal A. Mukadam


—Preceding unsigned comment added by 123.201.46.58 (talk) 07:54, 16 June 2008 (UTC)[reply]

Is this an example of Windows privilege escalation?

[edit]

I can't remember the exact details, but in Windows XP you can use the "at" command under cmd to schedule it to run cmd.exe a minute or 2 in the future. This new cmd process will run under the SYSTEM user for some mysterious reason. You can then end explorer.exe in task manager (which you can run under the new cmd if you're not allowed to run task manager on your own account), run explorer.exe under the cmd window, and therefore be allowed to do things in the Windows shell that you shouldn't have permission to do. Obviously this won't work if the policies have been set to prevent you from running at.

Is this a valid example of a very easy privilege escalation attack?

http://blogs.msdn.com/adioltean/articles/271063.aspx

Tebello TheWHAT!!?? 18:54, 9 June 2008 (UTC)[reply]

Yes, someone with the privilege to schedule jobs on WinXP/Win2k3 and earlier could elevate themselves to Admin in this way. This route has been blocked in Vista/Server 2008. Socrates2008 (Talk) 21:41, 9 June 2008 (UTC)[reply]

جيد

[edit]

جيد Ahomed123123 (talk) 00:02, 24 February 2015 (UTC)[reply]

اوفق

[edit]

اوافق Ahomed123123 (talk) 00:03, 24 February 2015 (UTC)[reply]

جيد

[edit]

جيد Ahomed123123 (talk) 00:04, 24 February 2015 (UTC)[reply]

Safe mode (Windows XP only)

[edit]

In Windows XP, can press F8 before startup and repeat until menu, in this menu, select safe mode and login to "Administrator" acount. — Preceding unsigned comment added by 77.65.88.198 (talk) 17:46, 13 June 2017 (UTC)[reply]

[edit]

Hello fellow Wikipedians,

I have just modified one external link on Privilege escalation. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 02:27, 15 December 2017 (UTC)[reply]

Server Emulator

[edit]

A Server Emulator (private Server) is also another form of privilege escalation.--Cartoondude135 (talk) 20:27, 26 July 2021 (UTC)[reply]

Wiki Education assignment: Research Process and Methodology - SU22 - Sect 202 - Tue

[edit]

This article was the subject of a Wiki Education Foundation-supported course assignment, between 4 July 2022 and 16 August 2022. Further details are available on the course page. Student editor(s): XChen0219 (article contribs).

— Assignment last updated by FULBERT (talk) 15:49, 14 August 2022 (UTC)[reply]