Gary Jones

Exploiting Vulnerabilities to Elevate Privileges and Access Sensitive Data



Situation:

This exercise aimed to demonstrate pivoting techniques to access a target host (books.artstailor.com), elevate privileges to NT AUTHORITY\SYSTEM, and exfiltrate sensitive data. The exercise involved identifying and exploiting vulnerabilities, using Windows commands to gain access, and extracting data from specific directories.


Obstacles:

  1. Account Lockout Risks:
    • Exploiting the /reset command to avoid account lockouts during the privilege escalation process.
  2. File Access Restrictions:
    • Bypassing file ownership and permissions to access restricted files.
  3. Multi-System Navigation:
    • Pivoting through costumes.artstailor.com to reach books.artstailor.com while maintaining session stability.

Actions Taken:

  1. Access Setup:
    • Established a remote desktop session to books.artstailor.com through a Chisel proxy configured on costumes.artstailor.com.
    • Utilized the /reset command to ensure persistent access during the operation.
  2. Privilege Escalation:
    • Ran the net user command to change the Localadmin account password to Password123, enabling administrator-level access.
  3. User Enumeration:
    • Navigated the Users directory to list all user accounts on the system.
  4. File Discovery:
    • Executed the tree command to locate directories and files of interest, identifying:
      • UsefulFacts: Located in n.nomen-applications.
      • creds.txt: Found in t.turing-documents.
  5. File Access:
    • Used takeown to change file ownership and icacls to adjust permissions, enabling access to the identified files.
  6. Exfiltration:
    • Extracted and analyzed the contents of the files for sensitive data.

Results:

  1. Vulnerability Exploited:
    • The /reset command allowed for continuous access without the risk of account lockout.
    • Weak file permissions enabled unauthorized access to sensitive files.
  2. Data Retrieved:
    • UsefulFacts: Found under n.nomen-applications.
    • creds.txt: Found under t.turing-documents.
  3. Risk Level:
    • Critical: Escalated privileges and unauthorized access to sensitive information pose significant security risks.

Tool Purpose Overview:

Chisel:

  • Used to create a SOCKS proxy for pivoting to internal systems.

Proxychains:

  • Configured to route traffic through the Chisel proxy, enabling secure access to books.artstailor.com.

net user:

  • Command used to manage local user accounts; here it changed the Localadmin password, enabling administrator access.

takeown:

  • Command to take ownership of restricted files.

icacls:

  • Used to modify file permissions, allowing access to protected data.

Recommendations:

  1. Enforce Strong Password Policies:
    • Require complex passwords for all accounts, avoiding easily guessed patterns like Password123.
  2. Restrict /reset Command Usage:
    • Limit access to administrative commands and enforce logging for command usage.
  3. Audit File Permissions:
    • Regularly review and restrict file ownership and access permissions for sensitive data.
  4. Strengthen Network Segmentation:
    • Isolate critical systems to reduce risks from compromised pivot points.
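
To support the logging and permission-audit recommendations, the following added example (not part of the original write-up) flags the `net user`, `takeown` and `icacls` command lines described above in process-creation records and correlates them per host. It assumes Windows process-creation auditing (Event ID 4688 with command-line logging) has been exported to simple records; the timestamps, short host names and file paths in the sample are constructed.

```python
import re
from datetime import datetime, timedelta

# Patterns for the command lines the write-up describes.
RULES = {
    # "net user <name> <password>": second argument is not a /switch
    "local_password_set": re.compile(r"\bnet1?(\.exe)?\s+user\s+\S+\s+(?!/)\S+", re.I),
    "takeown": re.compile(r"\btakeown(\.exe)?\b.*\s/f\b", re.I),
    "icacls_grant": re.compile(r"\bicacls(\.exe)?\b.*\s/grant\b", re.I),
}

def scan(events, window=timedelta(minutes=30)):
    """Return (hits, chained_hosts) for process-creation records.

    hits: sorted (time, host, rule) tuples for every matching command line.
    chained_hosts: hosts where a password set was followed, within `window`,
    by both an ownership change and a permission grant.
    """
    hits = []
    for ev in events:
        for name, pat in RULES.items():
            if pat.search(ev["cmdline"]):
                hits.append((datetime.fromisoformat(ev["time"]), ev["host"], name))
    hits.sort()
    chained = set()
    for t0, host, name in hits:
        if name != "local_password_set":
            continue
        later = {n for t, h, n in hits if h == host and t0 <= t <= t0 + window}
        if {"takeown", "icacls_grant"} <= later:
            chained.add(host)
    return hits, chained

# Constructed sample records (not real logs from the exercise).
SAMPLE = [
    {"time": "2024-01-01T10:00:00", "host": "books", "cmdline": r"net user Localadmin Password123"},
    {"time": "2024-01-01T10:05:00", "host": "books", "cmdline": r"takeown /f C:\Data\creds.txt"},
    {"time": "2024-01-01T10:06:00", "host": "books", "cmdline": r"icacls C:\Data\creds.txt /grant Localadmin:F"},
    {"time": "2024-01-01T10:07:00", "host": "costumes", "cmdline": r"net user Localadmin"},
    {"time": "2024-01-01T11:00:00", "host": "costumes", "cmdline": r"icacls C:\Data /grant Users:R"},
]

if __name__ == "__main__":
    hits, chained = scan(SAMPLE)
    for when, host, rule in hits:
        print(when.isoformat(), host, rule)
    print("hosts with full chain:", sorted(chained))
```

A single `icacls /grant` is routine administration; the password set followed by ownership and permission changes on the same host is the combination worth alerting on.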
