Analyzing Access Control for Elevation of Privilege

With all that background understood, you’re finally ready to learn how to attack! The earlier discussion of file read access was there to help you understand the concepts. The attack methodology and process are basically the same no matter the resource type.

  • Step 1: Enumerate the object’s DACL and look for access granted to non-admin SIDs.

    We look for non-admin SIDs because attacks that require privileged access to pull off are not worth enumerating. Group those non-admin SIDs in the DACL into untrusted and semi-trusted users. Untrusted users are Users, Guest, Everyone, Anonymous, INTERACTIVE, and so on. Semi-trusted users are interesting in the case of a multistage attack. Semi-trusted ...
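The Step 1 review, run as an audit over a security descriptor in SDDL text form. This is an added example, not code from the book. The function names and the sample descriptor are constructed, and because the excerpt's list of semi-trusted accounts is cut off, every non-admin trustee outside the untrusted list goes into a hypothetical "review" bucket for a human to classify.

```python
import re

# Well-known SDDL aliases and SIDs for the groups the text calls untrusted.
UNTRUSTED = {"BU": "Users", "S-1-5-32-545": "Users", "BG": "Guests",
             "S-1-5-32-546": "Guests", "WD": "Everyone", "S-1-1-0": "Everyone",
             "AN": "Anonymous", "S-1-5-7": "Anonymous",
             "IU": "INTERACTIVE", "S-1-5-4": "INTERACTIVE"}
# Administrators and SYSTEM: access granted to these is not a finding.
ADMIN = {"BA", "S-1-5-32-544", "SY", "S-1-5-18"}
# SDDL rights tokens mapped to access-mask bits (generic, standard, file).
RIGHTS = {"GA": 0x10000000, "GR": 0x80000000, "GW": 0x40000000, "GX": 0x20000000,
          "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
          "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0}

def pairs(field):
    """Split concatenated two-letter tokens: 'OICIIO' -> ['OI', 'CI', 'IO']."""
    return [field[i:i + 2] for i in range(0, len(field), 2)]

def mask_of(rights):
    """Access mask for a rights field given as hex or as SDDL tokens."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for token in pairs(rights):
        mask |= RIGHTS[token]  # KeyError on a token this table does not cover
    return mask

def non_admin_grants(sddl):
    """Allow ACEs on the object itself naming a non-admin trustee."""
    dacl = re.search(r"D:[A-Z_]*((?:\([^()]*\))*)", sddl)
    if dacl is None:
        raise ValueError("no D: section; absent DACL needs separate handling")
    found = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        ace_type, flags, rights, _, _, sid = ace.split(";")[:6]
        if ace_type != "A" or "IO" in pairs(flags) or sid in ADMIN:
            continue  # skip deny ACEs, inherit-only ACEs, admin trustees
        group = "untrusted" if sid in UNTRUSTED else "review"
        found.append((group, UNTRUSTED.get(sid, sid), mask_of(rights)))
    return found

# Constructed sample descriptor; the S-1-5-21-... account SID is made up.
SAMPLE = ("O:BAG:SYD:PAI(A;;FA;;;BA)(A;;FA;;;SY)(A;OICI;0x1301bf;;;BU)"
          "(A;OICIIO;GA;;;WD)(D;;FW;;;BG)(A;;FR;;;S-1-1-0)"
          "(A;;FRFX;;;S-1-5-21-1111-2222-3333-1105)S:(AU;FA;FA;;;WD)")

if __name__ == "__main__":
    for group, trustee, mask in non_admin_grants(SAMPLE):
        print(f"{group:9} {trustee:40} 0x{mask:08x}")
```

The inherit-only ACE for Everyone and the audit ACE in the SACL are left out of the result because neither grants access to the object being reviewed.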
