Index for Windows Privilege Escalation
Guides to have at hand
- HackTricks. Written by the creator of WinPEAS and LinPEAS.
- Vulnhub PrivEsc Cheatsheet.
- s0cm0nkey's Security Reference Guide.
This is a nice summary related to Local Privilege Escalation by @s4gi_:
Enumeration scripts
Privilege escalation techniques
Techniques
- Services:
  - DLL Hijacking.
  - Unquoted Path.
  - Named Pipes.
  - Registry.
  - Windows binaries: LOLBAS.
  - binPath.
  - Abusing a service with PowerUp.ps1.
- Kernel.
- Password Mining:
  - Cached SAM.
  - Cached LSASS.
  - Pass The Hash.
  - Configuration files: unattend.xml, SiteList.xml, web.config, vnc.ini.
  - Logs.
  - Credentials in recently accessed files/executed commands.
  - Memory: Mimikatz, Process Dump (minidump).
  - .rdp Files.
  - Registry: HKCU\Software\USERNAME\PuTTY\Sessions, AutoLogon, VNC.
- Registry:
  - Autorun.
  - AlwaysInstallElevated.
- Scheduled Tasks:
  - Binary Overwrite.
  - Missing binary.
- Hot Potato.
- Startup Applications.