Question
I'm looking for some sort of very basic privilege escalation example that I can use as part of a presentation I need to give.
I've looked through a few proof of concept snippets but haven't found anything that seems to work properly.
Anyone have any ideas?
Answer 1:
Here are a few thousand local privilege escalation exploits for a variety of platforms written in a variety of languages.
Answer 2:
There are two kinds of privilege escalation: horizontal escalation and vertical escalation. Horizontal means you can obtain the privileges of others who are at the same level as you; vertical means you can obtain privileges that are higher than yours.
Privilege escalation happens in both desktop applications and web applications. Sometimes we also call the vulnerabilities hidden in web applications that lead to privilege escalation logic flaws. The essence of a privilege escalation flaw is that some alternative execution paths leading to a critical point have been provided by the software developers unintentionally. Such a phenomenon is popular, as developers are prone to omit some required checks of the business logic. As you know, implementing the functionality is just OK.
Desktop privilege escalation is a little more complicated than the web kind. For presentation purposes, I suggest the web ones. You can find a lot of examples of web privilege escalation in the paper titled "Seven business logic flaws that put your website at risk", whose link is "http://50.57.64.91/images/d/db/FROCo8_JeremiahGrossman_BizLogicFlaws.pdf", and the paper titled "A first step toward automated detection of buffer overrun vulnerabilities." from Google Scholar.
A classic web privilege escalation case looks like the following: the website puts all critical links in a page after the login page, and omits the corresponding checks involved in those critical links. In their minds, users cannot access these links until they pass the login. However, that is not the truth. Users browse their websites through the HTTP protocol, which is a stateless protocol, which means a user is able to access arbitrary pages in their web site. Such an authentication policy is dangerous and will lead to privilege escalation. You can find a lot of such flaws in social web sites, which are prone to omit some critical checks in privileged pages. A tool named "WebScarab" is useful for you to forge "post" or "get" requests toward a particular web site to launch a privilege escalation.
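The missing per-request check described in the answer above, as an added example that is not part of the original post: a privileged handler that trusts the page flow, beside one that re-checks session and role on every request, plus a small audit that flags privileged routes answering without a session. The route names, roles and in-memory session store are constructed for illustration.

```python
# Added example: constructed routes, sessions and roles; not from the original answer.
import secrets

SESSIONS = {}  # session token -> {"user": ..., "role": ...}

def login(user, role):
    """Issue a session token (credential check omitted in this constructed sample)."""
    token = secrets.token_hex(16)
    SESSIONS[token] = {"user": user, "role": role}
    return token

def require_role(role):
    """Decorator: re-check the session and the role on every single request."""
    def wrap(handler):
        def checked(request):
            session = SESSIONS.get(request.get("cookie"))
            if session is None:
                return 401, "login required"
            if session["role"] != role:
                return 403, "forbidden"
            return handler(request, session)
        return checked
    return wrap

def delete_user_unchecked(request):
    # Flawed: assumes the caller arrived via the login page and the admin menu.
    return 200, "deleted " + request["params"]["id"]

@require_role("admin")
def delete_user_checked(request, session):
    # Hardened: only reached after the decorator has verified session and role.
    return 200, "deleted " + request["params"]["id"]

ROUTES = {
    "/admin/delete_user_v1": delete_user_unchecked,
    "/admin/delete_user_v2": delete_user_checked,
}

def dispatch(path, cookie=None, **params):
    """Handle each request in isolation, as a stateless HTTP server does."""
    handler = ROUTES.get(path)
    if handler is None:
        return 404, "not found"
    return handler({"cookie": cookie, "params": params})

def audit_routes(prefix="/admin/"):
    """Return privileged routes that answer 200 to a request carrying no session."""
    return [p for p in ROUTES if p.startswith(prefix) and dispatch(p, id="0")[0] == 200]
```

Running `audit_routes()` against a staging copy of the route table is a cheap regression check: any privileged path it returns is reachable without logging in.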
Source: https://stackoverflow.com/questions/5248594/where-can-i-find-a-good-example-of-privilege-escalation