Post-Escalation and Persistence

After a successful privilege escalation, act immediately to secure continued access. Create backup persistence mechanisms before attempting system modifications that might trigger detection. Add SSH keys to root's authorized_keys, create new privileged users, or establish reverse shell cron jobs. Multiple persistence methods ensure access is maintained if the primary method fails.
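Each of the three mechanisms named above leaves an artifact a defender can audit: an extra UID 0 account, an unexpected key in root's authorized_keys, or an odd cron entry. The following Python check is an added example, not part of the original guide; the sample file contents, the key allowlist and the `SUSPICIOUS` pattern are constructed assumptions.

```python
import re

# Constructed sample inputs (not taken from any real host).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_backup:x:0:0::/home/svc_backup:/bin/bash
"""
ROOT_KEYS = """\
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIApprovedPlaceholder admin@bastion
no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABUnknownPlaceholder admin@bastion
"""
CRON = """\
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
*/5 * * * * root /dev/shm/.update.sh
"""
# Assumption: the site keeps an allowlist of approved root key blobs.
APPROVED_BLOBS = {"AAAAC3NzaC1lZDI1NTE5AAAAIApprovedPlaceholder"}

KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")
# Network tools, bash's /dev/tcp, or a command run from a world-writable dir.
SUSPICIOUS = re.compile(r"/dev/tcp/|\b(nc|ncat|socat)\b|(^|\s)/(tmp|var/tmp|dev/shm)/")

def uid0_accounts(passwd_text):
    """Names of accounts other than root that carry UID 0."""
    rows = (l.split(":") for l in passwd_text.splitlines())
    return [f[0] for f in rows if len(f) >= 7 and f[2] == "0" and f[0] != "root"]

def unapproved_keys(keys_text, approved):
    """Key blobs not on the allowlist; comments are ignored as forgeable."""
    found = []
    for line in keys_text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        # Options may precede the key type, so locate the type token first.
        idx = next((i for i, t in enumerate(tok) if KEY_TYPE.match(t)), None)
        if idx is not None and idx + 1 < len(tok) and tok[idx + 1] not in approved:
            found.append(tok[idx + 1])
    return found

def suspicious_cron(cron_text):
    """Non-comment cron lines matching the SUSPICIOUS pattern."""
    lines = (l.strip() for l in cron_text.splitlines())
    return [l for l in lines if l and not l.startswith("#") and SUSPICIOUS.search(l)]

if __name__ == "__main__":
    print("extra UID 0 accounts:", uid0_accounts(PASSWD))
    print("unapproved root keys:", unapproved_keys(ROOT_KEYS, APPROVED_BLOBS))
    print("suspicious cron lines:", suspicious_cron(CRON))
```

The second sample key reuses the comment `admin@bastion` on purpose: the comment field is free text, so the check compares key material instead.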

Credential harvesting from privileged contexts enables lateral movement and domain compromise. Extract password hashes from /etc/shadow for offline cracking. Search for stored credentials in configuration files, scripts, or memory. Database credentials, API keys, and certificates provide additional access vectors. Systematic post-exploitation ensures maximum value from achieved privileges.

Mastering Linux privilege escalation requires combining systematic enumeration with creative thinking and deep system understanding. Through patient analysis of system configurations, identification of misconfigurations and vulnerable software, and careful exploitation of discovered weaknesses, low-privileged access transforms into complete system control. The techniques covered, from SUID abuse through container escapes, provide a comprehensive arsenal for tackling diverse Linux environments. Practice these methods extensively, as privilege escalation skills often determine the difference between partial and complete compromise during both OSCP examinations and real-world engagements.

## Windows Privilege Escalation and Post-Exploitation

Windows privilege escalation presents unique challenges and opportunities distinct from Linux environments, requiring specialized knowledge of Windows security architecture, service configurations, and authentication mechanisms. The prevalence of Windows in enterprise environments makes these skills essential for penetration testers, with OSCP examinations frequently featuring Windows machines demanding creative escalation techniques. Understanding Windows-specific vulnerabilities, from unquoted service paths to token manipulation, transforms limited user access into complete system compromise.

Post-exploitation activities on Windows systems extend beyond simple privilege escalation to include credential harvesting, lateral movement preparation, and persistence establishment. The interconnected nature of Windows domains means a single compromised system often provides pathways to complete network domination. This chapter develops systematic approaches to Windows privilege escalation while building skills for effective post-exploitation in enterprise environments.