Attacking Hosts
Throughout this book you have learned exploitation techniques that target applications and services, along with a variety of attack methods ranging from network-centric attacks to social-engineering staff members at your target organization. Now you have arrived at the last major exploit target: individual systems.
Targeting hosts relies on a combination of the techniques you have learned in this book. First, you need to know the type of system you are targeting and any vulnerabilities it may have. Then you can determine the attack techniques and exploits that are most likely to succeed. Unfortunately, once you find your way past a host’s security protections, you will often find yourself in an account or service with limited privileges.
Escalating privileges and gathering additional information like user IDs and hashed passwords, as well as exploring systems for poorly secured, mismanaged, or default configurations and employing a variety of other attacks, all...