Privilege Escalation
You can add privilege escalation when creating a credentialed scan if the scan uses one of the authentication methods listed below. The escalation settings are in the Elevate Privileges With portion of the Settings tab for your selected Authentication Method.
| Authentication Methods that Support Escalation | Supported Escalation Methods |
|---|---|
|
Arcon |
.k5login |
The tables below describe the additional credential options you must configure for privilege escalation.
Note: BeyondTrust's PowerBroker (pbrun) and Centrify's DirectAuthorize (dzdo) are proprietary root task delegation methods for Unix and Linux systems.
Tip: Scans run using su+sudo allow the user to scan with a non-privileged account and then switch to a user with sudo privileges on the remote host. This is important for locations where remote privileged login is prohibited.
Note: Scans run using sudo and scans run as the root user do not always return the same results, because different environment variables are applied to the sudo user and because of other subtle differences.
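To see the difference described in the note above on a given host, capture `env` once through sudo and once from a root login, then compare the two dumps. This is an added example, not part of the original documentation; the function names `env_diff` and `demo`, the file names, the account `scanuser` and the sample dumps are all constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the environment a scan sees via sudo with a root login.
# Capture real dumps on the target host (file names are placeholders):
#   sudo env > sudo.env     # run as the sudo user
#   env > root.env          # run from a root login shell

# env_diff SUDO_DUMP ROOT_DUMP
# Prints one line per variable that differs or exists on only one side.
env_diff() {
    awk '
        {
            eq = index($0, "=")            # split on the first "=" only
            if (eq == 0) next              # skip lines that are not NAME=value
            name = substr($0, 1, eq - 1)
            value = substr($0, eq + 1)
            if (FILENAME == ARGV[1]) s[name] = value
            else                     r[name] = value
        }
        END {
            for (n in s) {
                if (!(n in r))         print "only-sudo " n
                else if (s[n] != r[n]) print "differs " n
            }
            for (n in r) if (!(n in s)) print "only-root " n
        }
    ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample dumps; "scanuser" is a hypothetical account name.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/sudo.env" <<'EOF'
HOME=/home/scanuser
LOGNAME=root
PATH=/usr/sbin:/usr/bin:/sbin:/bin
SUDO_USER=scanuser
USER=root
EOF
    cat > "$dir/root.env" <<'EOF'
HOME=/root
LOGNAME=root
PATH=/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin
USER=root
EOF
    env_diff "$dir/sudo.env" "$dir/root.env"
    rm -rf "$dir"
}

demo
```

A differing `PATH` usually traces back to sudoers settings such as `secure_path` or `env_reset`, which is worth checking when a sudo scan and a root scan of the same host disagree.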
| Option | Escalation Type | Description | Required |
|---|---|---|---|
| Escalation Account Name | .k5login | The username for the account with elevated privileges. | yes |
| Escalation Username | .k5login | The username for the account with elevated privileges. | yes |
| Escalation password | dzdo, su, su+sudo | The password for the account with elevated privileges. | yes |
| Location of dzdo (directory) | dzdo | The directory path for the dzdo command. | no |
| Location of pbrun (directory) | pbrun | The directory path for the pbrun command. | no |
| Location of su (directory) | su | The directory path for the su command. | no |
| Location of su and sudo (directory) | su+sudo | The directory path for the su and sudo commands. | no |
| Location sudo (directory) | sudo | The directory path for the sudo command. | no |
| SSH user password | pbrun | The password for the account with elevated privileges. | yes |
| su login | su | The username for the account with su privileges. | yes |
| su user | su+sudo | The username for the account with su privileges. | yes |
| sudo password | sudo | The password for the account with sudo privileges. | yes |
| sudo user | su+sudo, sudo | The username for the account with sudo privileges. | yes |

| Option | Escalation Type | Description | Required |
|---|---|---|---|
| Enable password | Cisco 'enable' | The password to run the 'enable' utility on a Cisco device. | yes |
| Escalation account | .k5login, pbrun, dzdo | The username for the account with elevated privileges. | yes |
| Escalation password | dzdo, pbrun, su, su+sudo | The password for the account with elevated privileges. | yes |
| Location of dzdo (directory) | dzdo | The directory path for the dzdo command. | no |
| Location of pbrun (directory) | pbrun | The directory path for the pbrun command. | no |
| Location of su (directory) | su | The directory path for the su command. | no |
| Location of su and sudo (directory) | su+sudo | The directory path for the su and sudo commands. | no |
| Location sudo (directory) | sudo | The directory path for the sudo command. | no |
| SSH user password | pbrun | The password for the account with elevated privileges. | yes |
| su login | su | The username for the account with su privileges. | yes |
| su user | su+sudo | The username for the account with su privileges. | yes |
| sudo password | sudo | The password for the account with sudo privileges. | yes |
| sudo user | su+sudo, sudo | The username for the account with sudo privileges. | yes |

| Option | Escalation Type | Description | Required |
|---|---|---|---|
| CyberArk Account Details Name | .k5login, Cisco 'enable', dzdo, pbrun, su, su+sudo, sudo | The method with which your CyberArk Escalation credentials are retrieved. Can be Username, Identifier, Address, or Parameters. | yes |
| Escalation account | dzdo | The username for the account with elevated privileges. | yes |
| Location of dzdo (directory) | dzdo | The directory path for the dzdo command. | no |
| Location of pbrun (directory) | pbrun | The directory path for the pbrun command. | no |
| Location of su (directory) | su | The directory path for the su command. | no |
| Location of su and sudo (directory) | su+sudo | The directory path for the su and sudo commands. | no |
| Location sudo (directory) | sudo | The directory path for the sudo command. | no |
| su login | su | The username for the account with su privileges. | yes |
| su user | su+sudo | The username for the account with su privileges. | yes |
| sudo user | su+sudo, sudo | The username for the account with sudo privileges. | yes |

| Option | Escalation Type | Description | Required |
|---|---|---|---|
| Thycotic Escalation Account | .k5login, Cisco 'enable', dzdo, pbrun, su, su+sudo, sudo | The name parameter for the Thycotic account with elevated privileges. | yes |
| Location of dzdo (directory) | dzdo | The directory path for the dzdo command. | no |
| Location of pbrun (directory) | pbrun | The directory path for the pbrun command. | no |
| Location of su (directory) | su | The directory path for the su command. | no |
| Location of su and sudo (directory) | su+sudo | The directory path for the su and sudo commands. | no |
| Location sudo (directory) | sudo | The directory path for the sudo command. | no |
| su user | su+sudo | The username for the account with su privileges. | yes |