Privilege Escalation without Automated Tools 2023
This article is about Privilege Escalation without Automated Tools.
Introduction to Privilege Escalation without Automated Tools:
This book serves as an introduction for those who know how to use Metasploit and don’t know what’s going on behind the scenes.
If you can’t judge your level of knowledge, see if any of the following questions come to mind. If so, this book is for you.
- How to use publicly available exploits?
- How to modify these public exploits specific to our needs?
- What would it be like if the Metasploit Framework didn’t exist?
- How to bypass UAC in Windows 7 without Metasploit?
- How to escalate standard user/admin privileges to SYSTEM without “getsystem”?
- How to upload files to target computers without Meterpreter?
- How to download files from target computers without Meterpreter?
- How to dump passwords from target computers without Meterpreter?
There are many tutorials on the internet that show how to use Metasploit and its Meterpreter as penetration testing tools. The Meterpreter payload is a part of the Metasploit Framework that is often used in post-exploitation. It is popular for capabilities such as privilege escalation from a standard or administrative user to SYSTEM, dumping hashes, etc. The best part is that all of this can be achieved by running just a few commands.
Many people don’t understand how these techniques are actually implemented, which is a key part of learning penetration testing. Although most of these techniques are covered here and there, I rarely see a place where all these things are brought together to show how we can chain them together to make a successful attack.
This book is an attempt to fill this gap by showing the concepts of penetration testing without using automated tools like Metasploit/Meterpreter. We will discuss topics like getting reverse shells, finding publicly available exploits, customizing them to our needs, escalating privileges, and dumping passwords, all using only a low-privilege remote shell. The focus is more on post-exploitation.
Note: The techniques presented here may not work identically on other platforms. The aim is to show you a methodology that can be reused, and it is explained using two specific scenarios.