In this chapter, we looked at the methodology of escalating privileges and explored different methods and tools that can be utilized to achieve our goal penetration test goal.
We first started with common system-level privilege escalation by exploiting
bypassuac and also by utilizing existing Windows-scheduled tasks.
We focused on utilizing Meterpreter to gain system-level control and later we took a detailed look at utilizing the Empire tool; then we harvested the credentials by using password sniffers on the network. We also utilized Responder and SMB relay attacks to gain remote system access, and we used Responder to capture the passwords of different systems on a network that utilizes SMB.
We completely compromised an Active Directory using a structured approach. Finally, we exploited access rights in an Active Directory by using an Empire PowerShell and a compromised Kerberos account and performed a golden-ticket attack utilizing the Empire tool...