Horizontal escalation and lateral movement
In horizontal escalation, the attacker retains their existing credentials but uses them to act on a different user's account. For example, a user on compromised system A attacks a user on system B in an attempt to compromise them.
The horizontal move that attackers would utilize is from the compromised system. This is used to extract the hashes of common usernames such as ITsupport, LocalAdministrators, or known default user administrators to escalate the privileges horizontally on all the available systems that are connected to the same domain. For example, here, we will use CME to run the same password hashes across an IP range to dump all of the passwords on a hacker-controlled shared drive:
crackmapexec smb 192.168.0.0/24 -u administrator -d local -H aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b --sam
The following screenshot provides the output of SAM dump being run on an entire IP ranges to extract SAM password hashes without...