The authors have developed a Linux privilege escalation benchmark to address the lack of a standardized platform for evaluating the performance of privilege escalation techniques. The benchmark consists of a set of Linux virtual machines, each containing a single vulnerability that allows an attacker to elevate their privileges from a low-privilege account to the root account.
The benchmark is designed to meet specific requirements, including:
The authors have identified and implemented various vulnerability classes based on common attack vectors observed in Capture-the-Flag (CTF) challenges and online privilege escalation training platforms. These vulnerability classes include:
The benchmark is designed to be extensible and transparent, with the virtual machines and Ansible automation scripts being released as open-source. The authors have also incorporated optional hints for each test case to emulate the manual process of going through a vulnerability class checklist, as observed in human hacking behavior.
The authors discuss the differences between the enumeration and exploitation phases of privilege escalation attacks, highlighting the importance of automation in the enumeration process and the varying complexity of single-step and multi-step exploits. They also provide examples of potential exploitation commands for the different vulnerability classes.
The comprehensive Linux privilege escalation benchmark developed by the authors aims to provide a standardized platform for evaluating the effectiveness of privilege escalation techniques, enabling defenders to better fortify their Linux systems and protect their infrastructure from potentially devastating attacks.
arxiv.org