Having
access to a target does not guarantee accomplishing the goal of a penetration assignment.
In many cases, exploiting a vulnerable system may only give limited access to a
target's data and resources. The attacker must escalate privileges granted to
gain the access required to capture the flag, which could be sensitive data,
critical infrastructure, and so on.
Privilege Escalation can include
identifying and cracking passwords, user accounts, and unauthorized IT space.
An example is achieving limited user access, identifying a shadow file
containing administration login credentials, obtaining an administrator password
through password cracking, and accessing internal application systems with
administrator access rights.
Kali Linux
includes a number of tools that can help gain Privilege Escalation through the Password Attacks and Exploitation Tools catalog.
Since most of these tools include methods to obtain initial access and
Privilege Escalation, they are gathered and grouped according to their
toolsets.
The
following is a list of Privilege Escalation goals:
- Obtain escalated level access to system(s) and network(s)
- Uncover other user account information
- Access other systems with escalated privileges
- Document findings
No comments:
Post a Comment