Introduction
In this post, you will learn what is privilege escalation and its two types and in addition, you will see a differentiation table between vertical privilege and horizontal privilege escalation. And this post, especially for beginners, and also anyone who is interested in this topic can read it.
What is Privilege escalation?
A Privilege escalation comes after cybercriminals successfully compromising a device. Once the cybercriminal compromised. The lateral movement between the connected computers is Privilege escalation.
In simple words, Once the cybercriminals compromised a targeted device, then he/she will move to the connected device in order to gather more information on the compromised network.
Most cybercriminals perform privilege escalations to make the target more vulnerable. The more cybercriminals make the target vulnerable the success rate of the cybercriminals is more.
Privilege escalations did in many different methods with different tools. However, Let’s see how this method works.
Also Read: What is Ophcrack – Overview
How does Privilege escalation work?
Firstly the hacker should compromise a targeted device using a number of tools. And even I have written about many tools and some are mentioned below;
Pic credit: By User:AntiCompositeNumber – Therefore, Own work, based on File:Privilege Escalation Diagram.jpg, CC0, https://commons.wikimedia.org/w/index.php?curid=58226931
Using the below tools a hacker can surely compromise a device.
- Nmap
- Metasploit
- John the ripper
- THC hydra
- Wireshark
- Aircrack-ng
- Nikto
- Kismet
- Cain and Abel
- Nessus
- TCP dump
- Prismdump
I have also given links to all the tools. Where one could see an overview of the tools only.
Once the hacker has compromised with the above tool and now secondly he/she will do privilege escalations with various other tools. The interesting part is the hackers do privilege escalations through some legit tool. I have mentioned some below.
- Sysinternals
- Fileshare
- Remote Desktop
- Powershell (Mostly used)
- WMI(Windows management Instrumentation)
- Schedule tasking
- Pass the hash
- Token stealing
I have mentioned some methods used for lateral movements and therefore one is PowerShell is used by most of the cybercriminals and even in the Wannacry exploit for lateral movements, the cybercriminals used the PowerShell tool. Because once the criminal enters the compromised device he/she should remain silent, So, with PowerShell it is possible. Powershell is a legit tool that comes preinstalled in windows so, the windows system thinks the command is given by windows administration.
Also Read: The three security posture
Types of Privilege escalation
There are two types of privilege escalation they are vertical and horizontal privilege escalation.
Horizontal Escalation – In horizontal privilege escalations, the cybercriminals starts to gather information on the compromised device only he/she will not move to any connected device. So, In simple words, once the hacker compromised a device and then doing the lateral movement with the same device.
In some cases the cybercriminal directly compromises the admin device so, later movements will be in horizontal privilege escalation. This is the best example of horizontal privilege escalations.
Vertical Escalation – In Vertical privilege escalations, the cybercriminal compromises a low-level device and does the lateral movement from moving to the connected devices. Many hackers prefer this method in order to gain more information.
Until the cybercriminal moves to the admin device and compromises it. Therefore, the hacker will continuously do Vertical escalation.
Difference between Horizontal and Vertical escalation
| Horizontal Escalation | Vertical Escalation |
| Cybercriminals do the lateral movement with an initially compromised device | Cybercriminals do the lateral movement from jumping from one device to another connected device |
| Tools are not used in Horizontal escalation | Tools are used in vertical escalation |
| Eg tool: Used the initially compromised device | Eg tools: Powershell is used for Vertical Escalation |
Also Read: Prismdump tool an overview
Also Read: TCPdump – Packet sniffer tool overview
