Privilege escalation is the process of going from a relatively low level of access rights to gaining the privileges of an administrator, the system, or even greater access privileges. It allows the penetration tester to own all aspects of a system's operations. More importantly, obtaining some access privileges will allow the tester to control all systems across a network. As vulnerability becomes more difficult to find and exploit, a significant amount of research has been conducted into privilege escalation as a means of ensuring a successful penetration test.

In this chapter, we will look at the following topics:

• Common escalation methodology
• Local system escalation
• DLL injection
• Credential harvesting through sniffing and escalation
• Golden ticket attack on Kerberos
• Active Directory access rights