Penetration Test

Privilege Escalation(Windows)

Cpassword - Group Policy Preference attribute that contains passwords
- SYSVOL folder of the Domain Controller (encrypted XML)
Clear text credentials in LDAP(Lightweight Directory Access Protocol)
Kerberoasting - Domain users can query Kerberos tickets for other users
Credentials in LSASS(Local Security Authority Subsystem Service)
- Enforces security policy
Unattended installation
- PXE (Preboot Execution Environment) credentials
SAM database (Security Account Manager)
- Database that contains user passwords
DLL hijacking (Dynamic Link Library)
- Forcing a loader to load a malicious DLL

Cpassword and LDAP credentials may contain valuable credentials
PXE(Preboot Execution Environment) credentials can be used to access system as an authorized user
DLL hijacking is an attack vector that could allow an attacker to load malware

相信未来 - 该面对的绝不逃避，该执著的永不怨悔，该舍弃的不再留念，该珍惜的好好把握。

相关阅读:
error_reporting(“E_ALL”)和ini_set(“display_errors”, “on”)的区别?
linux命令awk的详解
Ubuntu 能PING IP但不能PING主机域名的解决方法
从github checkout子文件夹
zuul简单使用
docker for windows 10 添加阿里云镜像仓库无效问题
Spring Boot 进行Bean Validate和Method Validate
JVM调优-GC参数
Spring Aop: 关于继承和execution target this @annotation
ReentrantLock原理

原文地址：https://www.cnblogs.com/keepmoving1113/p/13907381.html