# System/Host Based Attacks

> **⚡ Prerequisites**
>
> * Basic familiarity with Linux & Windows
> * Basic familiarity with TCP & UDP
>
> **📕 Learning Objectives**
>
> * Understand, identify and exploit **Windows & Linux vulnerabilities**
> * Perform **privilege escalation**
> * Identity and exploit **file system vulnerabilities**
> * Understand **credentials storage** and password **hashes dumping**
>
> **🔬 Training list - PentesterAcademy/INE Labs**
>
> `subscription required`
>
> * [IIS Service Win Exploitation](https://attackdefense.com/listing?labtype=windows-service-exploitation\&subtype=windows-service-exploitation-iis)
> * [SMB Service Win Exploitation](https://attackdefense.com/listing?labtype=windows-service-exploitation\&subtype=windows-service-exploitation-smb)
> * [RDP Service Win Exploitation](https://attackdefense.com/listing?labtype=windows-service-exploitation\&subtype=windows-service-exploitation-rdp)
> * [WINRM Service Win Exploitation](https://attackdefense.com/listing?labtype=windows-service-exploitation\&subtype=windows-service-exploitation-winrm)
> * [Basic Windows Privesc](https://attackdefense.com/listing?labtype=windows-priv-esc\&subtype=windows-priv-esc-basic)
> * [UAC Bypass Win Privesc](https://attackdefense.com/listing?labtype=advanced-priv-esc-windows\&subtype=advanced-priv-esc-windows-uac-bypass)
> * [Win Post Exploitation with Metasploit](https://attackdefense.com/listing?labtype=windows-post-exploitation\&subtype=windows-post-exploitation-metasploit)
> * [Linux Exploitation](https://attackdefense.com/listing?labtype=linux-security-exploitation\&subtype=linux-security-exploitation-getting-started)
> * [Basic Linux Privesc](https://attackdefense.com/listing?labtype=linux-security-priv-esc\&subtype=linux-security-priv-esc-basic)
> * [Password Cracking Linux Exploitation](https://attackdefense.com/listing?labtype=linux-security-exploitation\&subtype=linux-security-exploitation-password-cracking)

🗒️ **System or Host based attacks** are attacks targeted towards specific systems oh hosts. They are about *exploiting vulnerabilities within Windows and Linux operating systems*, running on (internal) servers, workstations, laptops, etc.

* During a penetration test, host based attacks are applied after the target network is accessed.
* Focus on exploiting inherent vulnerabilities within the target O.S.
* Understand the target O.S. and its misconfigurations to stage an attack consisting of exploiting vulnerabilities, elevate local privileges, perform password cracking and lateral movement, etc.

Jump to the specific O.S. attacks section to delve into each topic:

* 👉 [🪟 Windows Attacks](https://blog.syselement.com/ine/courses/ejpt/hostnetwork-penetration-testing/1-system-attack/windows-attacks)
* 👉 [🐧 Linux Attacks](https://blog.syselement.com/ine/courses/ejpt/hostnetwork-penetration-testing/1-system-attack/linux-attacks)