Implementing a Method for Privilege Escalation Attacks in Windows Systems

Abstract

Nowadays, the security of digital data is one of the most important assets of the information age and is more important than ever. Many operating system services require special privileges to conduct their tasks. A configuration or programming error made in a privileged service in the operating system or software causes unauthorized access to privileges. Especially in widely used operating systems such as Windows, privilege escalation attacks are one of the main threats to system security. In a worst-case scenario, these attacks open the door for a remote attacker to take action that requires high-level privilege, allowing them to switch from limited user rights to administrator rights that provide full control over the system by exploiting vulnerabilities or programming errors in the system. This study provides a perspective on how privilege escalation attacks occur in Windows operating systems, how privilege escalation attacks occur by cracking user password hashes in the Security Account Manager (SAM) file, and how privilege separation can be an effective defense method against such attacks.