Practical kernel attacks with Kali
We have enough background to sit down with Kali and fire off our attack at a vulnerable Windows target. At this point, you should fire up your Windows 7 VM. However, we're doing two stages in this demonstration because the attack is local. So far, we've been examining attacks that get us in, this time, we're already in. To the layperson, this sounds like the game is already won, but don't forget that modern operating systems are layered. There was a golden age when remote exploits landed you full SYSTEM
privilege on a target Windows box, in which case, the attack that you in really did win the game. These days, this kind of remote exploit is a rare thing indeed. The far more likely scenario for today's pen tester is that you'll get some code executed, a shell pops up, and you feel all-powerful – until you realize that you only have the privileges of the lowly user of the computer who needs permission from the administrator to install software. You have...