Abusing vulnerable software

  1. Vulnerability in software

  2. Available exploit

Example

  1. Use the wmic tool to list software installed on the target system and its versions:

  2. Search online for existing exploits for the installed software, on sites like Exploit-DB, Packet Storm or Google.

  3. Exploit

Notes

Software installed on the target system can present various privilege escalation opportunities. As with drivers, organisations and users may not update it as often as they update the operating system.

Counter moves

Vulnerable installed software is a local escalation path. Patching and removing unneeded privileged software are the counters. The defensive counterpart is in the blue notes on the gap between access and authority.
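
The patching counter can be checked from the same kind of inventory. The following is an added example, not part of the original notes: it audits a software list against a baseline of minimum patched versions. The product names, versions and baseline are constructed, and the Node,Name,Version CSV layout is an assumption about how the inventory was exported.

```python
import csv
import io

# Constructed sample inventory (assumed CSV export with Node,Name,Version columns).
SAMPLE_INVENTORY = """Node,Name,Version
WS01,Example Backup Agent,4.2.0
WS01,Example PDF Reader,11.0.10
WS01,Example VPN Client,
WS01,Example Updater Service,2.10.1
WS01,Example Legacy Toolbar,1.0
"""

# Hypothetical baseline: lowest version considered patched for each approved product.
MIN_PATCHED = {
    "Example Backup Agent": "4.2.3",
    "Example PDF Reader": "11.0.9",
    "Example VPN Client": "5.1.0",
    "Example Updater Service": "2.9.0",
}

def parse_version(text):
    """Turn '2.10.1' into (2, 10, 1); return None if empty or not numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit(inventory_csv, baseline):
    """Return sorted (name, installed, status) for software needing attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv.strip())):
        name = (row.get("Name") or "").strip()
        installed = (row.get("Version") or "").strip()
        if name not in baseline:
            # Unapproved software is a candidate for removal.
            findings.append((name, installed, "not in baseline: review or remove"))
            continue
        have, need = parse_version(installed), parse_version(baseline[name])
        if have is None:
            findings.append((name, installed, "version unknown: check manually"))
        elif have < need:  # numeric compare, so 2.10.1 is newer than 2.9.0
            findings.append((name, installed, "below patched version " + baseline[name]))
    return sorted(findings)

if __name__ == "__main__":
    for name, installed, status in audit(SAMPLE_INVENTORY, MIN_PATCHED):
        print(f"{name} {installed or '-'}: {status}")
```

Versions are compared as integer tuples rather than strings, so 2.10.1 is not mistaken for being older than 2.9.0.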