A penetration tester has gained access to a target system using default credentials.

Once initial access is obtained—especially through weak or default credentials—the CEH system hacking methodology directs the tester to proceed to privilege escalation. The objective is to elevate user-level access to administrative or system-level privileges so the attacker can perform unrestricted actions such as installing tools, modifying configurations, accessing protected files, and pivoting laterally. CEH materials emphasize using privilege escalation vulnerabilities, such as misconfigured services, kernel exploits, unpatched local privilege escalation flaws, weak file permissions, and token impersonation. A denial-of-service attack is counterproductive and does not support post-exploitation goals. XSS is a web application attack vector and unrelated to operating system privilege manipulation. Brute-forcing the root password is noisy, slow, and unnecessary when authenticated access is already established. Therefore, exploiting a known local privilege escalation vulnerability is the appropriate CEH-aligned next step.