Activities on the compromised local system
It is usually possible to get guest or user access to a system. Frequently, the attacker's ability to access important information will be limited by reduced privilege levels. Therefore, a common post-exploitation activity is to escalate access privileges from guest to user to administrator and, finally, to SYSTEM. This upward progression of gaining access privileges is usually referred to as vertical escalation.
The user can implement several methods to gain advanced access credentials, including the following:
- Employ a network sniffer and/or keylogger to capture transmitted user credentials (dsniff is designed to extract passwords from live transmissions or a PCAP file that has been saved from a Wireshark or tshark session).
- Perform a search for locally stored passwords. Some users collect passwords in an email folder (frequently called passwords). Since password reuse and simple password construction systems are common, the passwords that are found...