In this chapter, we looked at the methodology of escalating privileges and explored different methods and tools that can be utilized to achieve our goal penetration test goal.
We first started with common system-level privilege escalation by exploiting ms18_8120_win32k_privesc using bypassuac and also by utilizing existing Windows-scheduled tasks.
We focused on utilizing Meterpreter to gain system-level control and later we took a detailed look at utilizing the Empire tool; then we harvested the credentials by using password sniffers on the network. We also utilized Responder and SMB relay attacks to gain remote system access, and we used Responder to capture the passwords of different systems on a network that utilizes SMB.
We completely compromised an Active Directory using a structured approach. Finally, we exploited access rights in an Active Directory by using an...