December 19, 2021 | 21:56
INE Lab - From XSS to Domain Admin
This lab starts by exploiting a stored XSS vulnerability and a vulnerable Java browser plugin to get a (unprivileged) remote shell on one of the company’s internal network machines.
In a next step, using the socalled Group Policy Preferences (GPP) vulnerability, it’s possible to get local administrator credentials. Bypassing UAC allows to further escalate the privileges to SYSTEM and force a domain administrator to login to the machine, by preventing an importing application to work,so that the user will contact IT support.
Read more