Privilege escalation on Windows
As we saw in the previous section, on a Windows system, the user with the highest privileges is known as the administrator. Once we compromise a system using any of the available exploits, our aim should be to elevate the user's privileges to those of the administrator.
The following screenshot shows an exploitation of the ms08_067_netapi vulnerability with Windows XP as the target. Metasploit successfully exploited the vulnerability and gave a meterpreter session, as shown in the following screenshot:
The meterpreter provides us with the ability to escalate privileges. The getsystem command is specifically used for privilege escalation on the compromised Windows system. The following screenshot shows the use of the getsystem command to obtain administrator-level privileges on the target system.
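From the defender's side, the named-pipe impersonation technique that getsystem can use leaves a recognizable trace: a newly installed service whose command line only echoes a token into a named pipe. The following is an added example, not code from the original text or from Metasploit, that scans exported service-installation events for that pattern. It assumes a Windows version that records service installs as System event 7045 and an export wrapped in an `<Events>` root; the sample XML, service names and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _sample_event(event_id, service, image_path):
    """Build one constructed record in the Windows event XML layout."""
    return (
        f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
        f'<EventData><Data Name="ServiceName">{service}</Data>'
        f'<Data Name="ImagePath">{image_path}</Data></EventData></Event>'
    )

# Constructed sample export (all names and values are made up for this example).
SAMPLE_XML = "<Events>" + "".join([
    _sample_event(7045, "BackupAgent", r"C:\Program Files\Backup\agent.exe"),
    _sample_event(7045, "qzmtkd", r"cmd.exe /c echo qzmtkd &gt; \\.\pipe\qzmtkd"),
    _sample_event(7045, "hxwpra", r"%COMSPEC% /c echo hxwpra &gt; \\.\pipe\hxwpra"),
    _sample_event(7045, "LogNote", r"cmd.exe /c echo started &gt; C:\Temp\note.txt"),
    _sample_event(7036, "Spooler", ""),
]) + "</Events>"

# A service command line that is only a shell echoing a token into a named pipe.
PIPE_ECHO = re.compile(
    r"(?:cmd(?:\.exe)?|%COMSPEC%)\s+/c\s+echo\s+\S+\s*>\s*\\\\\.\\pipe\\(\S+)",
    re.IGNORECASE,
)

def find_pipe_echo_services(xml_text):
    """Return (service name, pipe name) for each matching service-install event."""
    findings = []
    for event in ET.fromstring(xml_text).findall("e:Event", NS):
        if event.findtext("e:System/e:EventID", "", NS).strip() != "7045":
            continue  # only "A service was installed in the system"
        data = {d.get("Name"): (d.text or "")
                for d in event.findall("e:EventData/e:Data", NS)}
        match = PIPE_ECHO.search(data.get("ImagePath", ""))
        if match:
            findings.append((data.get("ServiceName", ""), match.group(1)))
    return findings

if __name__ == "__main__":
    for service, pipe in find_pipe_echo_services(SAMPLE_XML):
        print(f"suspicious service install: {service!r} writes to pipe {pipe!r}")
```

The `LogNote` record shows why the pattern requires the `\\.\pipe\` target: a service that echoes into an ordinary file is not flagged.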