Syscall Proxying - Simulating remote execution

Syscall Proxying - Simulating remote execution

A critical stage in a typical penetration test is the "Privilege Escalation" phase. An auditor faces this stage when access to an intermediate host or application in the target system is gained, by means of a previous successful attack. Access to this intermediate target allows for staging more effective attacks against the system by taking advantage of existing webs of trust and a more privileged position in the target system’s network. This "attacker profile" switch is referred to as pivoting throughout this document.

Pivoting on a compromised host can often be an onerous task, sometimes involving porting tools or xploits to a different platform and deploying them. This includes installing required libraries and packages and sometimes even a C compiler in the target system!

Friday, August 1, 2003