Abusing vulnerable software

Attack tree

1 Abuse vulnerable software
    1.1 Vulnerability in software
    1.2 Available exploit

Example

  1. Use the wmic tool to list software installed on the target system and its versions:

  2. Search for existing exploits on the installed software online on sites like exploit-db, packet storm or Google.

  3. Exploit

Notes

Software installed on the target system can present various privilege escalation opportunities. As with drivers, organisations and users may not update them as often as they update the operating system.