
A privilege escalation attack is one in which an attacker exploits a vulnerability in a system or application to gain higher privileges than the current account holds. Privilege escalation is divided into horizontal and vertical escalation.
Horizontal privilege escalation is the takeover of other accounts that hold the same privilege level as the current account. Through horizontal escalation, the attacker widens the scope of impact of the compromised system. Vertical privilege escalation is moving from a low-privileged user to a high-privileged user.
Take EternalBlue ("永恒之蓝") as an example: the virus exploits a vulnerability in the SMB protocol of the Windows operating system to obtain the highest system privileges and thereby take control of the target system.
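
The horizontal/vertical distinction seen from the defender's side, as an added example that is not part of the original article: an authorization check that rejects each kind of attempt and labels which kind it was. The role names, the rule that admins may act on other accounts' resources, and the sample requests are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Privilege levels for a constructed three-role application (assumed names).
ROLE_LEVEL = {"user": 1, "operator": 2, "admin": 3}


@dataclass(frozen=True)
class Request:
    actor: str          # account making the request
    actor_role: str     # role held by that account
    owner: str          # account that owns the target resource
    required_role: str  # minimum role the action needs


def authorize(req: Request) -> str:
    """Return 'allow', 'deny:vertical' or 'deny:horizontal'."""
    have = ROLE_LEVEL.get(req.actor_role, 0)  # unknown role -> no privilege
    need = ROLE_LEVEL.get(req.required_role)
    if need is None:
        raise ValueError(f"unknown required role: {req.required_role!r}")
    # Vertical: the action needs a higher privilege level than the actor holds.
    if have < need:
        return "deny:vertical"
    # Horizontal: the level is sufficient, but the resource belongs to another
    # account and the actor is not an admin (assumed policy).
    if req.actor != req.owner and have < ROLE_LEVEL["admin"]:
        return "deny:horizontal"
    return "allow"


def summarize(requests):
    """Count decisions so repeated denials of one kind stand out in review."""
    counts = {}
    for r in requests:
        decision = authorize(r)
        counts[decision] = counts.get(decision, 0) + 1
    return counts


# Constructed sample requests (not real log data).
SAMPLE = [
    Request("alice", "user", "alice", "user"),   # own resource
    Request("alice", "user", "bob", "user"),     # peer's resource, same level
    Request("alice", "user", "alice", "admin"),  # admin-only action
    Request("carol", "admin", "bob", "user"),    # admin acting on user data
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r.actor, "->", r.owner, r.required_role, authorize(r))
    print(summarize(SAMPLE))
```
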

This article was reposted by 数字化转型网 (www.szhzxw.cn); the source is the internet. Editor/translator: 默然, 数字化转型网.



