Activities on the compromised local system

It is usually possible to get guest or user access to a system. Frequently, the attacker's ability to access important information will be limited by reduced privilege levels. Therefore, a common post-exploitation activity is to escalate access privileges from guest to user to administrator and, finally, to SYSTEM. This upward progression of gaining access privileges is usually referred to as vertical escalation.

The attacker can use several methods to obtain higher-privileged credentials, including the following:

  • Employ a network sniffer and/or keylogger to capture transmitted user credentials (dsniff is designed to extract passwords from live transmissions or a PCAP file that has been saved from a Wireshark or tshark session).
  • Perform a search for locally stored passwords. Some users collect passwords in an email folder (frequently called passwords). Since password reuse and simple password construction systems are common, the passwords that are found can be employed during the escalation process.
  • NirSoft (www.nirsoft.net) produces several free tools that can be uploaded to the compromised system by using Meterpreter to extract passwords from the operating system and applications that cache passwords (mail, remote access software, FTP, and web browsers).
  • Dump the SAM and SYSKEY files using Meterpreter.
  • When some applications load, they read dynamic link library (DLL) files in a particular order. It is possible to create a fake DLL with the same name as a legitimate DLL, place it in a specific directory location, and have the application load and execute it, resulting in elevated privileges for the attacker.
  • Apply an exploit that uses a buffer overflow or other means to escalate privileges.
  • Execute the getsystem script, which will automatically escalate administrator privileges to the SYSTEM level, from the Meterpreter prompt.
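From the defender's side, the DLL search-order technique in the list above leaves a recognisable footprint in image-load telemetry: a DLL name that normally loads from the Windows system directories suddenly loads from somewhere else, often a user-writable folder, and often into a high-privilege process. The following Python script is an added detection example, not code from the book or from any tool it mentions. It assumes Sysmon Event ID 7 (ImageLoaded) records exported as JSON lines with the Sysmon field names (`Image`, `ImageLoaded`, `Signed`, `User`); the sample records, the trusted-directory list and the user-writable path hints are constructed for this example. Rather than hard-coding a list of "interesting" DLLs, it derives its baseline from the data itself: any DLL name seen loading from a system directory becomes a name worth watching elsewhere.

```python
"""Flag DLL search-order hijacking indicators in Sysmon Event ID 7 (ImageLoaded) records.

A DLL name that is normally loaded from the Windows system directories but is then
seen loading from another location, especially one a standard user can write to,
is the footprint of the search-order abuse described above. The JSON-lines input
format and the sample records below are constructed for this example.
"""
import json
from pathlib import PureWindowsPath

# Directories from which system DLLs are expected to load (lowercase, backslash form).
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")

# Path fragments that a non-admin user can normally write into (assumption for this example).
USER_WRITABLE_HINTS = (r"\appdata\local\temp", r"\appdata\roaming", r"\downloads",
                       r"c:\users\public", r"c:\programdata")

# Constructed sample events. Field names follow Sysmon EID 7: Image = loading process,
# ImageLoaded = DLL path, Signed = Authenticode status, User = account of the process.
SAMPLE_LOG = r"""
{"EventID": 7, "Image": "C:\\Windows\\System32\\svchost.exe", "ImageLoaded": "C:\\Windows\\System32\\version.dll", "Signed": "true", "User": "NT AUTHORITY\\SYSTEM"}
{"EventID": 7, "Image": "C:\\Program Files\\VendorApp\\app.exe", "ImageLoaded": "C:\\Windows\\System32\\dwmapi.dll", "Signed": "true", "User": "CORP\\alice"}
{"EventID": 7, "Image": "C:\\Program Files\\VendorApp\\app.exe", "ImageLoaded": "C:\\Program Files\\VendorApp\\version.dll", "Signed": "false", "User": "CORP\\alice"}
{"EventID": 7, "Image": "C:\\Windows\\System32\\svchost.exe", "ImageLoaded": "C:\\Users\\alice\\AppData\\Local\\Temp\\dwmapi.dll", "Signed": "false", "User": "NT AUTHORITY\\SYSTEM"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "User": "CORP\\alice"}
"""


def load_events(text):
    """Parse JSON-lines input, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _norm(path):
    """Normalise a Windows path to lowercase backslash form for comparisons."""
    return str(PureWindowsPath(path)).lower()


def _in_trusted_dir(path_l):
    return any(path_l.startswith(d + "\\") for d in TRUSTED_DIRS)


def _user_writable(path_l):
    return any(hint in path_l for hint in USER_WRITABLE_HINTS)


def build_baseline(events):
    """DLL file names observed loading from the trusted system directories.

    The baseline comes from the telemetry itself, so no hard-coded DLL list is needed.
    """
    names = set()
    for ev in events:
        if ev.get("EventID") == 7:
            loaded = _norm(ev["ImageLoaded"])
            if _in_trusted_dir(loaded):
                names.add(PureWindowsPath(loaded).name)
    return names


def find_hijack_indicators(events, baseline=None):
    """Return findings for EID 7 loads outside the trusted directories that either
    shadow a baselined system DLL name or come from a user-writable location."""
    if baseline is None:
        baseline = build_baseline(events)
    findings = []
    for ev in events:
        if ev.get("EventID") != 7:
            continue
        loaded = _norm(ev["ImageLoaded"])
        if _in_trusted_dir(loaded):
            continue  # expected location, nothing to see
        name = PureWindowsPath(loaded).name
        reasons = []
        if name in baseline:
            reasons.append("shadows a system DLL name")
        if _user_writable(loaded):
            reasons.append("loaded from a user-writable location")
        if not reasons:
            continue  # an ordinary third-party DLL in its own install directory
        # Aggravating factors: no valid signature, and the load landed in a SYSTEM process.
        if str(ev.get("Signed", "")).lower() != "true":
            reasons.append("unsigned")
        if ev.get("User", "").upper().endswith("\\SYSTEM"):
            reasons.append("loaded into a SYSTEM process")
        findings.append({
            "process": ev.get("Image"),
            "dll": name,
            "path": ev["ImageLoaded"],
            "reasons": reasons,
            "severity": "high" if len(reasons) >= 3 else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in find_hijack_indicators(load_events(SAMPLE_LOG)):
        print(f["severity"].upper(), f["dll"], "<-", f["process"], ";", "; ".join(f["reasons"]))
```

On the sample data the vendor application loading an unsigned `version.dll` from its own install directory is reported as medium (it shadows a system DLL name but sits in a directory standard users cannot normally write to), while `svchost.exe` loading an unsigned `dwmapi.dll` from a user's Temp folder is reported as high: every aggravating factor is present, and because the host process runs as SYSTEM the load itself is the privilege escalation. In a real deployment the baseline would be built from a longer history of known-good loads, and the user-writable hints would be replaced by an actual ACL check on the directory.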