Horizontal escalation and lateral movement
In horizontal escalation, the attacker retains their existing credentials but uses them to act on a different user's account. For example, a user on compromised system attacks a user on system B in an attempt to compromise them.
The user can implement several methods to gain advanced access credentials, including the following.
Compromising domain trusts and shares
In this section, we discuss the domain hierarchies that can be manipulated and take advantage of the features that are being implemented on Active Directory.
Attackers normally utilize Windows Credential Editor (WCE) to add, change, list, and obtain NT/LM hashes, and list logon sessions. WCE can be downloaded from http://www.ampliasecurity.com/research/windows-credentials-editor/.
Using the meterpreter shell, you can upload WCE.exe to the system that is compromised, as shown in the following screenshot. Once the file is uploaded to the system, run the shell command to see whether WCE is successful...
