Summary

  • In a post on Medium, Mr Horbio, a cybersecurity researcher, explains path hijacking as a method of privilege escalation, an exploit in which the attacker gains higher levels of permission after initially infiltrating a system.
  • Path hijacking works by manipulating the PATH environment variable to divert the system’s understanding of the location of a programme to be executed.
  • For example, the writer uses the ls command, which lists all files in a directory, to explain paths from first principles: the command name alone doesn’t give the system enough information to know which directory to use, so the PATH environment variable is used to locate it, and the path typically varies between servers.
  • The vulnerability lies in the fact that some production binaries have the execute bit set but are not supposed to be executable outside of a specific path.
  • Attackers can exploit this to elevate their privileges and gain full control over a victim’s machine.
  • However, the post ends on a positive note, suggesting that while these attacks are commonplace, they are also easily preventable, either by removing unwanted paths or by blocking the ability to modify the PATH environment variable entirely.
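
The "removing unwanted paths" step from the last point, as an added example that is not from the original post: a shell function that flags PATH entries which are empty, relative, missing, or group- or world-writable. The name audit_path and the output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): flag PATH entries that let a
# command name such as "ls" resolve to a file an unprivileged user could plant.
# audit_path is a hypothetical helper name.

audit_path() {
    rest="$1:"             # trailing ':' lets the loop see a final empty entry
    risky=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}  # text before the first ':'
        rest=${rest#*:}    # everything after it
        case $entry in
            "")
                # An empty entry makes the shell search the current directory.
                echo "EMPTY (searches the current directory)"
                risky=1 ;;
            /*)
                if [ ! -d "$entry" ]; then
                    echo "MISSING $entry"
                    risky=1
                # -H follows a symlinked entry (e.g. /bin -> usr/bin);
                # -prune stops find from descending into the directory.
                elif [ -n "$(find -H "$entry" -prune \
                        \( -perm -0002 -o -perm -0020 \) 2>/dev/null)" ]; then
                    echo "WRITABLE $entry"
                    risky=1
                fi ;;
            *)
                # "." or any other relative entry depends on the caller's cwd.
                echo "RELATIVE $entry"
                risky=1 ;;
        esac
    done
    return "$risky"
}

# Audit the PATH of the current session.
audit_path "$PATH" || echo "Remove or fix the PATH entries listed above."
```

The function returns non-zero when it reports anything, so it can gate a login-profile or CI check.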

By Mr Horbio

Original Article