Summary

In this chapter, we looked at the methodology of escalating privileges and explored different methods and tools that can be utilized to achieve our penetration test goal.

We started with common system-level privilege escalation by exploiting ms18_8120_win32k_privesc using bypassuac and also by utilizing existing Windows scheduled tasks.

We focused on utilizing Meterpreter to gain system-level control, and later we took a detailed look at utilizing the Empire tool. We then harvested credentials by using password sniffers on the network. We also utilized Responder and SMB relay attacks to gain remote system access, and we used Responder to capture the passwords of different systems on a network that utilizes SMB.

We completely compromised Active Directory using a structured approach. Finally, we exploited access rights in Active Directory by using Empire PowerShell and a compromised Kerberos account, and performed a golden-ticket attack utilizing the Empire tool.

In the next chapter (Chapter 13, Command and Control), we will learn how attackers use different techniques to maintain access to the compromised system in line with the kill-chain methodology. We will also delve into how to exfiltrate data from internal systems to external systems.
