Learn how to escalate your privileges on Windows and Linux systems

This book is a comprehensive guide on the privilege escalation process for Windows and Linux systems and is designed to be practical and hands-on by providing the reader with real world exercises and scenarios in the form of vulnerable environments and virtual machines.

Key Features

• Learn how to perform local enumeration on Windows & Linux systems.
• Understand the key differences between elevating privileges on Windows and Linux systems.
• Learn how to identify privilege escalation vectors on Windows & Linux systems.
• Learn how to elevate your privileges on Windows and Linux systems by leveraging various tools and techniques.

Privilege escalation is a vital element of the attack life cycle and is a major determinant in the overall success of a penetration test. The importance of privilege escalation in the penetration testing process cannot be overstated or overlooked. Developing your privilege escalation skills will mark you out as a good penetration tester. The ability to enumerate information from a target system and utilize this information to identify potential misconfigurations and vulnerabilities that can be exploited to elevate privileges is an essential skill set for any penetration tester.

The book uses virtual environments that you can download to test and run tools and techniques. Each chapter will feature an exploitation challenge in the form of pre-built virtual machines (VMs). As you progress, you will learn how to enumerate and exploit vulnerabilities on Linux or Windows systems in order to elevate your privileges.

By the end of this book, you will have gained the skills you need to be able to perform local enumeration in order to identify privilege escalation vectors on Windows and Linux systems and how to exploit them in order to elevate your privileges.

What you will learn

• Understand the privilege escalation process and how it differs from Windows to Linux
• Learn how to set up a virtual penetration testing lab
• Gain an initial foothold on the system
• Perform local enumeration on target systems
• Exploit kernel vulnerabilities on Windows and Linux systems
• Perform privilege escalation through password looting and finding stored credentials
• Get to grips with performing impersonation attacks
• Exploit Windows services such as the secondary logon handle service to escalate Windows privileges
• Escalate Linux privileges by exploiting scheduled tasks and SUID binaries

Who this book is for?

This Windows and Linux privilege escalation book is for intermediate-level cybersecurity students and pentesters who are interested in learning how to perform various privilege escalation techniques on Windows and Linux systems, which includes exploiting bugs, design flaws, and more. An intermediate-level understanding of Windows and Linux systems along with fundamental cybersecurity knowledge is expected.

Table of Contents

1. Introduction to Privilege Escalation
2. Setting Up Our Lab
3. Gaining Access (Exploitation)
4. Performing Local Enumeration
5. Windows Kernel Exploits
6. Impersonation Attacks
7. Windows Password Mining
8. Exploiting Services
9. Privilege Escalation through the Windows Registry
10. Linux Kernel Exploits
11. Linux Password Mining
12. Scheduled Tasks
13. Exploiting SUID Binaries

About the Author

Alexis Ahmed is an experienced penetration tester and security researcher with over 7 years of experience in the cybersecurity industry. He started off his career as a Linux system administrator and soon discovered a passion and aptitude for security and transitioned into a junior penetration tester. In 2017, he founded HackerSploit, a cybersecurity consultancy that specializes in penetration testing and security training, where he currently works as a senior penetration tester and trainer. Alexis has multiple cybersecurity certifications, ranging from the CEH and Sec+ to OSCP, and is a certified ISO 27001 associate. He is also an experienced DevSecOps engineer and helps companies secure their Docker infrastructure.