Privilege Escalation

You can configure privilege escalation for a credentialed scan if the scan uses the following authentication methods:

Authentication Methods that Support Escalation Supported Escalation Methods

certificate
CyberArk
Kerberos
password
public key
Thycotic Secret Server

.k5login
Cisco 'enable'
dzdo
pbrun
su
su+sudo
sudo

The tables below describe the additional credential options you must configure for privilege escalation.

Note: BeyondTrust's PowerBroker (pbrun) and Centrify's DirectAuthorize (dzdo) are proprietary root task delegation methods for Unix and Linux systems.

Tip: Scans run using su+sudo allow the user to scan with a non-privileged account and then switch to a user with sudo privileges on the remote host. This is important for locations where remote privileged login is prohibited.

Note: Scans run using sudo vs. the root user do not always return the same results because of the different environmental variables applied to the sudo user and other subtle differences. For more information, see: https://www.sudo.ws/man/sudo.man.html.

Option Escalation Type Description Required
Enable password Cisco 'enable'

The password to run the 'enable' utility on a Cisco device.

 yes
Escalation account .k5login
dzdo

The username for the account with elevated privileges.

yes
Escalation password dzdo
su
su+sudo

The password for the account with elevated privileges.

 yes
Location of dzdo (directory) dzdo The directory path for the dzdo command. no
Location of pbrun (directory) pbrun The directory path for the pbrun command. no
Location of su (directory) su The directory path for the su command. no
Location of su and sudo (directory) su+sudo The directory path for the su and sudo commands. no
Location sudo (directory) sudo The directory path for the sudo command. no
SSH user password pbrun

The password for the account with elevated privileges.

 yes
su login su The username for the account with su privileges. yes
su user su+sudo The username for the account with su privileges. yes
sudo password sudo The password for the account with sudo privileges. yes
sudo user su+sudo
sudo		 The username for the account with sudo privileges. yes
Option Escalation Type Description Required
CyberArk Account Details Name .k5login
Cisco 'enable'
dzdo
pbrun
su
su+sudo
sudo
 The name parameter for the CyberArk account with elevated privileges. yes
Escalation account dzdo

The username for the account with elevated privileges.

yes
Location of dzdo (directory) dzdo The directory path for the dzdo command. no
Location of pbrun (directory) pbrun The directory path for the pbrun command. no
Location of su (directory) su The directory path for the su command. no
Location of su and sudo (directory) su+sudo The directory path for the su and sudo commands. no
Location sudo (directory) sudo The directory path for the sudo command. no
su login su The username for the account with su privileges. yes
su user su+sudo The username for the account with su privileges. yes
sudo user su+sudo
sudo		 The username for the account with sudo privileges. yes
Option Escalation Type Description Required
Thycotic Escalation Account .k5login
Cisco 'enable'
dzdo
pbrun
su
su+sudo
sudo		 The name parameter for the Thycotic account with elevated privileges. yes
Location of dzdo (directory) dzdo The directory path for the dzdo command. no
Location of pbrun (directory) pbrun The directory path for the pbrun command. no
Location of su (directory) su The directory path for the su command. no
Location of su and sudo (directory) su+sudo The directory path for the su and sudo commands. no
Location sudo (directory) sudo The directory path for the sudo command. no
su user su+sudo The username for the account with su privileges. yes