Byte Open Security (ByteOS Network)
CAPEC-234: Hijacking a privileged process
Attack Pattern ID: 234
Version: v3.9
Attack Pattern Name: Hijacking a privileged process
Abstraction: Standard
Status: Draft
Likelihood of Attack:
Typical Severity: Medium
▼Description
An adversary gains control of a process that is assigned elevated privileges in order to execute arbitrary code with those privileges. Some processes are assigned elevated privileges on an operating system, usually through association with a particular user, group, or role. If an attacker can hijack this process, they will be able to assume its level of privilege in order to execute their own code.
▼Extended Description
▼Alternate Terms
▼Relationships
Nature     Type      ID   Name
ChildOf    Meta      233  Privilege Escalation
CanFollow  Standard  100  Overflow Buffers
CanFollow  Meta      175  Code Inclusion
CanFollow  Meta      242  Code Injection
▼Execution Flow
Explore
1. Find process with elevated privileges
The adversary probes for processes running with elevated privileges.
Technique
On Windows, use the Security tab of Sysinternals Process Explorer to inspect the user, groups and privileges of a process's token and see whether it is running with administrator privileges.
On Linux, use the ps command to view running processes and pipe the output to a search for a particular user, or for the root user.
Experiment
1. Find vulnerability in running process
The adversary looks for a vulnerability in the running process that would allow arbitrary code execution with the privilege of that process.
Technique
Look for improper input validation.
Look for a buffer overflow that can be exploited if the adversary can inject unvalidated data.
Use system utilities that support process control and have been inadequately secured.
Exploit
1. Execute arbitrary code
The adversary exploits the vulnerability they have found and hijacks the running process, running their own code with its privileges.
Technique
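The Explore step's ps-based enumeration and the Experiment step's search for inadequately secured utilities, as an added shell example that is not part of the CAPEC entry. It reads /proc/<pid>/status directly (the same process data `ps -eo user,pid,comm | awk '$1=="root"'` reports, without depending on a particular ps implementation) and then, for every root-owned process, reports whether the current unprivileged user can write to the executable behind it, which is the situation CWE-732 on the Related Weaknesses list describes. The function names procs_as_uid and writable_root_exes are this example's own; it is Linux only.

```shell
#!/bin/sh
# Added example for CAPEC-234 (Explore: find privileged processes; Experiment:
# spot inadequately secured utilities). Not part of the CAPEC entry.
# Linux only: reads /proc directly, the same data `ps -eo user,pid,comm` shows,
# so it does not depend on a particular ps implementation (procps, busybox, ...).

# procs_as_uid [UID]: print "pid<TAB>exe<TAB>name" for every process whose real
# UID is UID (default 0, i.e. root). Function name is this example's own.
procs_as_uid() {
  want="${1:-0}"
  for st in /proc/[0-9]*/status; do
    pid="${st#/proc/}"; pid="${pid%/status}"
    # The "Uid:" line holds real, effective, saved and fs UIDs; field 2 is the real UID.
    # A process that exits between the glob and the read is skipped.
    uid=$(awk '$1 == "Uid:" { print $2; exit }' "$st" 2>/dev/null) || continue
    [ "$uid" = "$want" ] || continue
    name=$(awk '$1 == "Name:" { sub(/^Name:[ \t]*/, ""); print; exit }' "$st" 2>/dev/null) || name="?"
    # /proc/<pid>/exe is readable only for our own processes (or as root).
    # For the rest, fall back to argv[0] from cmdline, resolved through PATH;
    # "?" when neither is available (kernel threads, login shells like "-bash").
    exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || {
      argv0=$(tr '\0' '\n' < "/proc/$pid/cmdline" 2>/dev/null | head -n 1)
      exe=$(command -v "$argv0" 2>/dev/null || echo "?")
    }
    printf '%s\t%s\t%s\n' "$pid" "$exe" "$name"
  done
}

# writable_root_exes: for every root process, report executables the *current*
# user can write to. Run it from an unprivileged account; from root everything
# is writable and the result says nothing. A hit is the CWE-732 situation: a
# critical resource whose permissions let a low-privilege user change what root
# executes, so hijacking the privileged process needs no memory-safety bug at all.
writable_root_exes() {
  tab=$(printf '\t')
  procs_as_uid 0 | while IFS="$tab" read -r pid exe name; do
    if [ "$exe" != "?" ] && [ -w "$exe" ]; then
      printf 'WRITABLE\t%s\t%s\t%s\n' "$pid" "$exe" "$name"
    fi
  done
}

# Stand-alone usage (uncomment): list root processes, then flag writable binaries.
# procs_as_uid 0
# writable_root_exes
```

On a correctly permissioned host writable_root_exes prints nothing; any line it does print deserves the same scrutiny as a world-writable setuid binary. The argv[0] fallback is a best effort: a process started with a relative or rewritten argv[0] shows as "?", so an empty result proves only what /proc exposes to the calling user.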
▼Prerequisites
The targeted process or operating system must contain a bug that allows attackers to hijack the targeted process.
▼Skills Required
▼Resources Required
None: No specialized resources are required to execute this type of attack.
▼Indicators
▼Consequences
▼Mitigations
▼Example Instances
▼Related Weaknesses
ID       Name
CWE-648  Incorrect Use of Privileged APIs
CWE-732  Incorrect Permission Assignment for Critical Resource
▼Taxonomy Mappings
▼Notes
▼References