
Windows Privilege Escalation: Movin' on Up!


Previously, I wrote a bit about the process of kerberoasting and utilizing BloodHound and other tools for Windows penetration testing. Because those topics are covered elsewhere, this post covers different tools and techniques that were not in the kerberoasting post.

For this post, I am continuing an exploit that began with an XSS vulnerability and was exploited through BeEF. It picks up where the BeEF post left off: the Windows box has just been exploited, leaving us with a very unstable Windows shell.

Migrating Processes

The first step is to get ourselves out of the unstable shell by migrating to a process owned by the user we're impersonating.
