Book Description
Learn how to escalate your privileges on Windows and Linux systems
This book is a comprehensive guide on the privilege escalation process for Windows and Linux systems and is designed to be practical and hands-on by providing the reader with real world exercises and scenarios in the form of vulnerable environments and virtual machines.
Key Features
- Learn how to perform local enumeration on Windows & Linux systems.
- Understand the key differences between elevating privileges on Windows and Linux systems.
- Learn how to identify privilege escalation vectors on Windows & Linux systems.
- Learn how to elevate your privileges on Windows and Linux systems by leveraging various tools and techniques.
Privilege escalation is a vital element of the attack life cycle and is a major determinant in the overall success of a penetration test. The importance of privilege escalation in the penetration testing process cannot be overstated or overlooked. Developing your privilege escalation skills will mark you out as a good penetration tester. The ability to enumerate information from a target system and utilize this information to identify potential misconfigurations and vulnerabilities that can be exploited to elevate privileges is an essential skill set for any penetration tester.
The book uses virtual environments that you can download to test and run tools and techniques. Each chapter will feature an exploitation challenge in the form of pre-built virtual machines (VMs). As you progress, you will learn how to enumerate and exploit vulnerabilities on Linux or Windows systems in order to elevate your privileges.
By the end of this book, you will have gained the skills you need to be able to perform local enumeration in order to identify privilege escalation vectors on Windows and Linux systems and how to exploit them in order to elevate your privileges.
What you will learn
- Understand the privilege escalation process and how it differs from Windows to Linux
- Learn how to set up a virtual penetration testing lab
- Gain an initial foothold on the system
- Perform local enumeration on target systems
- Exploit kernel vulnerabilities on Windows and Linux systems
- Perform privilege escalation through password looting and finding stored credentials
- Get to grips with performing impersonation attacks
- Exploit Windows services such as the secondary logon handle service to escalate Windows privileges
- Escalate Linux privileges by exploiting scheduled tasks and SUID binaries
Who this book is for?
This Windows and Linux privilege escalation book is for intermediate-level cybersecurity students and pentesters who are interested in learning how to perform various privilege escalation techniques on Windows and Linux systems, which includes exploiting bugs, design flaws, and more. An intermediate-level understanding of Windows and Linux systems along with fundamental cybersecurity knowledge is expected.
Table of Contents
- Introduction to Privilege Escalation
- Setting Up Our Lab
- Gaining Access (Exploitation)
- Performing Local Enumeration
- Windows Kernel Exploits
- Impersonation Attacks
- Windows Password Mining
- Exploiting Services
- Privilege Escalation through the Windows Registry
- Linux Kernel Exploits
- Linux Password Mining
- Scheduled Tasks
- Exploiting SUID Binaries
中文:
书名:Privilege Escalation Techniques: Learn the art of exploiting Windows and Linux systems
了解如何提升您在Windows和Linux系统上的权限
本书是一本关于Windows和Linux系统的权限提升过程的全面指南,旨在通过以易受攻击的环境和虚拟机的形式为读者提供现实世界中的练习和场景,使其具有实用性和实践性。
主要特点
- 了解如何在Windows和Linux系统上执行本地枚举。
- 了解提升Windows和Linux系统上的权限之间的主要区别。
- 了解如何识别Windows和Linux系统上的权限提升向量。
- 了解如何通过利用各种工具和技术提升您在Windows和Linux系统上的权限。
权限提升是攻击生命周期中的重要元素,也是渗透测试总体成功的主要决定因素。权限提升在渗透测试过程中的重要性怎么强调都不为过,也不能忽视。发展你的特权提升技能会让你成为一名优秀的渗透测试者。能够枚举来自目标系统的信息并利用这些信息识别潜在的错误配置和漏洞,从而提升权限,这是任何渗透测试员的基本技能集。
这本书使用您可以下载的虚拟环境来测试和运行工具和技术。每一章都将以预构建的虚拟机(VM)的形式介绍利用挑战。随着学习的进行,您将学习如何枚举和利用Linux或Windows系统上的漏洞来提升您的权限。
在本书结束时,您将掌握执行本地枚举以识别Windows和Linux系统上的权限提升向量所需的技能,以及如何利用它们来提升您的权限。
你将学到什么
- Understand the privilege escalation process and how it differs from Windows to Linux
- Learn how to set up a virtual penetration testing lab
- 在系统中获得初步的立足点
- 在目标系统上执行本地枚举
- 利用Windows和Linux系统上的内核漏洞
- 通过盗取密码和查找存储的凭据来执行权限提升
- 掌握如何执行模拟攻击
- 利用Windows服务(如Second Logon Handle服务)提升Windows权限
- 通过利用计划任务和SUID二进制文件提升Linux权限
Who this book is for?
这本关于Windows和Linux特权提升的书是为那些对学习如何在Windows和Linux系统上执行各种特权提升技术感兴趣的中级网络安全学生和初学者编写的,这些技术包括利用错误、设计缺陷等。需要对Windows和Linux系统有中等水平的了解,以及基本的网络安全知识。
目录表
- 权限提升简介
- 设置我们的实验室
- Gaining Access (Exploitation)
- Performing Local Enumeration
- Windows Kernel Exploits
- Impersonation Attacks
- Windows Password Mining
- Exploiting Services
- 通过Windows注册表提升权限
- Linux Kernel Exploits
- Linux Password Mining
- 计划任务
- Exploiting SUID Binaries
评论前必须登录!
注册