Give an example of a Linux privilege escalation vector commonly checked during pentests.

Prepare for the eLearnSecurity Junior Penetration Tester exam with our comprehensive quiz platform. Improve your skills with multiple-choice questions, detailed explanations, and exam tips. Get exam ready with ease!

Multiple Choice

Give an example of a Linux privilege escalation vector commonly checked during pentests.

Explanation:
Privilege escalation on Linux often hinges on how programs run with elevated rights. A set-user-ID (SUID) program runs with the owner’s privileges (typically root) regardless of who executes it. If such a binary is insecure or misconfigured, a non-privileged user can exploit it to gain root access. That makes SUID binaries a go-to focus during a pentest: they’re directly tied to how privileges are granted and can reveal clear paths to elevation.

Searching for SUID binaries and then inspecting them is a core step because many systems inadvertently expose risky SUID programs or wrappers. You’d typically locate them with a broad scan and then analyze each candidate for weaknesses, such as a binary that invokes a shell, uses unvalidated input, or calls system functions in unsafe ways. If you find a misconfigured or vulnerable SUID binary, it often provides a straightforward route to escalate privileges.
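The scan-then-review step described above, written as a defender's audit. This is an added example, not part of the original quiz explanation. The baseline set, the `audit_suid` and `build_demo_tree` names, and the demo file names are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumed baseline: SUID paths the administrator expects (illustrative, not from the page).
BASELINE = {"/usr/bin/passwd", "/usr/bin/su", "/usr/bin/sudo"}

def audit_suid(root, baseline=BASELINE):
    """Return one finding per set-user-ID regular file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if not (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID):
                continue
            reasons = []
            if path not in baseline:
                reasons.append("not in baseline")
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                reasons.append("group/other writable")
            findings.append({
                "path": path,
                "owner_uid": st.st_uid,
                "mode": oct(stat.S_IMODE(st.st_mode)),
                "reasons": reasons,  # empty list means the file matches the baseline
            })
    return sorted(findings, key=lambda f: f["path"])

def build_demo_tree():
    """Constructed sample input: a temp tree with two SUID files and one plain file."""
    root = tempfile.mkdtemp(prefix="suid-audit-")
    for name, mode in (("known", 0o4755), ("backup-helper", 0o4775), ("plain", 0o755)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    demo = build_demo_tree()
    for f in audit_suid(demo, baseline={os.path.join(demo, "known")}):
        print(f["mode"], f["path"], "; ".join(f["reasons"]) or "ok")
```

On a real host, point `audit_suid` at `/` with a baseline taken from a known-good build, and treat every entry with a non-empty `reasons` list as a candidate for manual review or for removal of the SUID bit.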

Other options describe legitimate credential or persistence concepts, or require specific misconfigurations or kernel-level bugs to be exploitable. While cron job misconfigurations or kernel module vulnerabilities can enable privilege escalation, they’re less universal as a baseline tactic compared to the standard, widely applicable check of SUID binaries.