Penetration Test - Select Your Attacks(15)

Privilege Escalation(Windows)

WINDOWS-SPECIFIC PRIVILEGE ESCALATION
  • Cpassword - Group Policy Preference attribute that contains passwords
    • SYSVOL folder of the Domain Controller (encrypted XML)
  • Clear text credentials in LDAP(Lightweight Directory Access Protocol)
  • Kerberoasting - Domain users can query Kerberos tickets for other users
  • Credentials in LSASS(Local Security Authority Subsystem Service)
    • Enforces security policy
  • Unattended installation
    • PXE (Preboot Execution Environment) credentials
  • SAM database (Security Account Manager)
    • Database that contains user passwords
  • DLL hijacking (Dynamic Link Library)
    • Forcing a loader to load a malicious DLL
QUICK REVIEW
  • Cpassword and LDAP credentials may contain valuable credentials
  • PXE(Preboot Execution Environment) credentials can be used to access system as an authorized user
  • DLL hijacking is an attack vector that could allow an attacker to load malware
上一篇:在Windows中以编程方式禁用密码复杂性


下一篇:微信小程序获取openid用springboot