Privilege escalation attack is a method is to steal information by first gaining lower-level access to your network. An attacker can gain access to the network using a non-admin user account, and the next step would be to gain administrative privilege. It is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications. Not every system hack will initially provide an unauthorized user with full access to the targeted system. In those circumstances, privilege escalation is required. Successful privilege escalation attacks grant hackers privileges that normal users don’t have.
Escalation of Privileges:
- Horizontal Privilege Escalation occurs when a malicious user attempts to access resources and functions that belong to peer users, who have similar access permissions.
- Vertical privilege escalation requires the attacker to grant himself higher privileges. This is typically achieved by performing kernel-level operations that allow the attacker to run unauthorized code. In most privilege escalation attacks, the hacker first logs in with a low-end user account. Then he can search for exploitable flaws in the system that can be used to elevate his privileges.