Book Image

Advanced Penetration Testing

By : Wil Allsopp
Book Image

Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally-run, and very much for-profit. Advanced Penetration Testing?goes beyond Kali Linux and Metasploit and to provide you advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you’ll be in a position to detect threats and defend your high security network.
Table of Contents (13 chapters)
Free Chapter
Title Page
End User License Agreement

Privilege Escalation in Microsoft Windows

When command execution has been obtained on a target workstation, the first goal, generally speaking, is to escalate one's privileges to obtain the highest permissions possible locally. This allows you to obtain password hashes, modify the host's configuration, use raw sockets, and generally make network colonization smoother. You might get lucky and land on a workstation where the users already have elevated privileges due to their role or simply through poor security policies, but I'll assume you're stuck in userland and need administrative permissions. Broadly speaking, privilege escalations do one of two things: they exploit vulnerable software or exploit vulnerable configurations. This section is by no means complete or intended to be. The following can be divided into various loose categories, but here I will divide the attention as follows:

  • Local exploit—Some software needs to be able to run with elevated privileges...