Book Image

Privilege Escalation Techniques

By : Alexis Ahmed
5 (2)
Book Image

Privilege Escalation Techniques

5 (2)
By: Alexis Ahmed

Overview of this book

Privilege Escalation Techniques is a detailed guide to privilege escalation techniques and tools for both Windows and Linux systems. This is a one-of-a-kind resource that will deepen your understanding of both platforms and provide detailed, easy-to-follow instructions for your first foray into privilege escalation. The book uses virtual environments that you can download to test and run tools and techniques. After a refresher on gaining access and surveying systems, each chapter will feature an exploitation challenge in the form of pre-built virtual machines (VMs). As you progress, you will learn how to enumerate and exploit a target Linux or Windows system. You’ll then get a demonstration on how you can escalate your privileges to the highest level. By the end of this book, you will have gained all the knowledge and skills you need to be able to perform local kernel exploits, escalate privileges through vulnerabilities in services, maintain persistence, and enumerate information from the target such as passwords and password hashes.

Related Content you might be interested in

Current Title:

Small book image
Privilege Escalation Techniques
Alexis Ahmed
Nov, 2021 | 340 pages
Small book image
Metasploit Penetration Testing Cookbook
Monika Agarwal | Abhinav Singh | Nipun Jaswal | Daniel Teixeira
Feb, 2018 | 426 pages
Small book image
Metasploit Bootcamp
Nipun Jaswal
May, 2017 | 230 pages
Small book image
Metasploit 5.0 for Beginners
Sagar Rahalkar
Apr, 2020 | 246 pages
Table of Contents (18 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Code in Action
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: Gaining Access and Local Enumeration
Section 1: Gaining Access and Local Enumeration
Free Chapter
2
Chapter 1: Introduction to Privilege Escalation
Chapter 1: Introduction to Privilege Escalation
What is privilege escalation?
How permissions and privileges are assigned
Understanding the differences between privilege escalation on Windows and Linux
Exploring the types of privilege escalation attack
Summary
3
Chapter 2: Setting Up Our Lab
Chapter 2: Setting Up Our Lab
Technical requirements
Designing our lab
Building our lab
Setting up Kali Linux
Summary
4
Chapter 3: Gaining Access (Exploitation)
Chapter 3: Gaining Access (Exploitation)
Technical requirements
Setting up Metasploit
Information gathering and footprinting
Gaining access
Summary
5
Chapter 4: Performing Local Enumeration
Chapter 4: Performing Local Enumeration
Technical requirements
Understanding the enumeration process
Windows enumeration
Linux enumeration
Summary
6
Section 2: Windows Privilege Escalation
Section 2: Windows Privilege Escalation
7
Chapter 5: Windows Kernel Exploits
Chapter 5: Windows Kernel Exploits
Technical requirements
Understanding kernel exploits
Kernel exploitation with Metasploit
Manual kernel exploitation
Summary
8
Chapter 6: Impersonation Attacks
Chapter 6: Impersonation Attacks
Technical requirements
Understanding Windows access tokens
Enumerating privileges
Token impersonation attacks
Escalating privileges via a Potato attack
Summary
9
Chapter 7: Windows Password Mining
Chapter 7: Windows Password Mining
Technical requirements
What is password mining?
Searching for passwords in files
Searching for passwords in Windows configuration files
Searching for application passwords
Dumping Windows hashes
Cracking Windows hashes
Summary
10
Chapter 8: Exploiting Services
Chapter 8: Exploiting Services
Technical requirements
Exploiting services and misconfigurations
Exploiting unquoted service paths
Exploiting secondary logon
Exploiting weak service permissions
DLL hijacking
Summary
11
Chapter 9: Privilege Escalation through the Windows Registry
Chapter 9: Privilege Escalation through the Windows Registry
Technical requirements
Understanding the Windows Registry
Exploiting Autorun programs
Exploiting the Always Install Elevated feature
Exploiting weak registry permissions
Summary
12
Section 3: Linux Privilege Escalation
Section 3: Linux Privilege Escalation
13
Chapter 10: Linux Kernel Exploits
Chapter 10: Linux Kernel Exploits
Technical requirements
Understanding the Linux kernel
Kernel exploitation with Metasploit
Manual kernel exploitation
Summary
14
Chapter 11: Linux Password Mining
Chapter 11: Linux Password Mining
Technical requirements
What is password mining?
Extracting passwords from memory
Searching for passwords in configuration files
Searching for passwords in history files
Summary
15
Chapter 12: Scheduled Tasks
Chapter 12: Scheduled Tasks
Technical requirements
Introduction to cron jobs
Escalation via cron paths
Escalation via cron wildcards
Escalation via cron file overwrites
Summary
16
Chapter 13: Exploiting SUID Binaries
Chapter 13: Exploiting SUID Binaries
Technical requirements
Introduction to filesystem permissions on Linux
Searching for SUID binaries
Escalation via shared object injection
Summary
Why subscribe?
17
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Gaining access

We can now get started with exploitation, which is the most exciting phase of the penetration testing life cycle. We have already identified our potential exploits on our target systems; therefore, we now need to run and test these exploits to gain our initial foothold.

The objective of the exploitation phase is to gain stable and persistent access to the target system, which will ensure that once a system is exploited, we will have persistent access even if the system is restarted.

Exploiting Metasploitable3

In the previous section, we were able to identify and verify the EternalBlue exploit as a potential access vector inside the Metasploitable3 host. Let's take a look at how we can use this exploit to gain access:

  1. The first step is to fire up msfconsole and search for the EternalBlue exploit module by running the following command:
    search eternalblue
  2. The module we will use is the exploit module named exploit/windows/smb/ms17_010_eternalblue...
Previous Section
End of Section 5
Next Section