Index for Windows Privilege Escalation

Guides to have at hand

• HackTricks. Written by the creator of WinPEAS and LinPEAS.
• Vulnhub PrivEsc Cheatsheet.
• s0cm0nkey's Security Reference Guide.

This is a nice summary related to Local Privilege Escalation by @s4gi_:

Enumeration scripts

Enumeration scripts

• Windows Privilege Escalation Awesome Scripts: winPEAS tool.
• Seatbelt.
• JAWS.

Privilege escalation techniques

Techniques

• Services:
  • DLL Hacking.
  • Uniqued Path.
  • Named Pipes.
  • Registry.
  • Windows binaries: LOLBAS.
  • bin Path.
  • Abusing a service with PowerUp.ps1
• Kernel.
• Password Mining:
  • Cached SAM.
  • Cached LSASS.
  • Pass The Hash.
  • Configuration files: unattend.xml, SiteList.xml, web.config, vnc.ini.
  • Logs.
  • Credentials in recently accessed files/executed commands
  • Memory: mimiktenz, Process Dump (minidump).
  • .rdp Files.
  • Registry: HKCU\Software\USERNAME\PuTTY\Sessions, AutoLogon, VNC.
• Registry:
  • Autorun.
  • AlwaysInstallElevated
• Scheduled Tasks:
  • Binary Overwrite.
  • Missing binary.
• Hot Potato.
• Startup Applications

Privilege escalation tools

• CrackMapexex.
• mimikatz.

Last update: 2023-08-17
Created: February 2, 2023 19:36:50