Pen Test Privilege Escalation Through Suspended Virtual Machines

[Editor’s Note: Mark Baggett has a really clever and useful set of penetration testing tips in this blog entry on post-exploitation techniques to plunder suspended guest virtual machines for credentials. It’s a nifty idea, eminently useful in an ethical hacking project, and Mark highlights exactly the tools, steps, and commands needed. Nice stuff, Mark! –Ed.]

Privilege Escalation through Suspended VMs

by Mark Baggett

You, my penetration testing friend, have just successfully exploited a target organization administrator’s workstation in your latest ethical hacking project. However, it appears that target system personnel are doing all the right things. The domain administrator does not use his administrative accounts on the compromised workstation, and they have patched their computers against all known privilege-escalation attacks. The result is that your shell is running under the context of the current non-administrative user. You have access to the files on the local drive and to processes running under his security context, but not much else. As you browse the hard drive, you find several VMware virtual machine images, including machines that probably have the same administrative passwords as the host machine. So, you decide to pull the password hashes from those virtual machines and use those to attack the host.