After I see some examples of shellcodes in various exploit examples they try to spawn a shell.
I want to understand why after spawn the shell have privileged access?
Doesn't the shell should have the same privileges as the user running the process?
Add a comment
|
1 Answer
Well, what to say except that you are fully right?
The spawn shell will have the exact same privileges as the process from which it is spawned, no more, but no less either. All the interest is here: the greater privileges the vulnerable application has, the greater privileges your spawned shell will have.
However, once you have a shell running on the machine, nothing prevents you from trying to run local privilege escalation exploits. But this will be done at a second step:
- First step: spawn a shell which will have the same privilege as the end-user or the web-server running the vulnerable software,
- Then, as a second step and if you need to (you do not necessarily have to increase your privileges, it all depends what your final goal is), you will try to use other exploits in order to increase your current privileges. The main difference is that, having an interactive shell running on the machine, you will now be able to take advantage of local exploits instead of being limited to remote ones as in the first step.