Practical kernel attacks with Kali
We have enough background to sit down with Kali and fire off our attack at a vulnerable Windows target. At this point, you should fire up your Windows 7 VM. However, we’re doing two stages in this demonstration because the attack is local. So far, we’ve been examining attacks that get us in. This time, we’re already in. To the layperson, this sounds like the game is already won, but don’t forget that modern OSs are layered. There was a golden age when remote exploits landed you full SYSTEM privilege on a target Windows box. These days, this kind of remote exploit is a rare thing indeed. The far more likely scenario for today’s pen tester is that you’ll get some code executed, a shell pops up, and you feel all-powerful – until you realize that you only have the privileges of the lowly user of the computer who needs permission from the administrator to install software. You have your foothold...
