hacktricks/windows-hardening/checklist-windows-privilege-escalation.md

152 lines
11 KiB
Markdown
Raw Normal View History

# Lista - Lokalno eskaliranje privilegija u Windows-u
2022-04-28 16:01:33 +00:00
<details>
2024-02-10 13:11:20 +00:00
<summary><strong>Naučite hakovanje AWS-a od nule do heroja sa</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
2022-04-28 16:01:33 +00:00
2024-02-10 13:11:20 +00:00
Drugi načini podrške HackTricks-u:
2022-04-28 16:01:33 +00:00
* Ako želite da vidite **vašu kompaniju reklamiranu na HackTricks-u** ili **preuzmete HackTricks u PDF formatu** Proverite [**PLANOVE ZA PRIJAVU**](https://github.com/sponsors/carlospolop)!
2024-02-10 13:11:20 +00:00
* Nabavite [**zvanični PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Otkrijte [**Porodicu PEASS**](https://opensea.io/collection/the-peass-family), našu kolekciju ekskluzivnih [**NFT-ova**](https://opensea.io/collection/the-peass-family)
2024-02-10 13:11:20 +00:00
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili nas **pratite** na **Twitter-u** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Podelite svoje hakovanje trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.
2022-04-28 16:01:33 +00:00
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
### **Najbolji alat za traženje vektora eskalacije privilegija u lokalnom Windows-u:** [**WinPEAS**](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS)
2022-04-28 16:01:33 +00:00
2024-02-10 13:11:20 +00:00
### [Informacije o sistemu](windows-local-privilege-escalation/#system-info)
* [ ] Dobiti [**Informacije o sistemu**](windows-local-privilege-escalation/#system-info)
* [ ] Pretražiti **kernel** [**exploite koristeći skripte**](windows-local-privilege-escalation/#version-exploits)
* [ ] Koristiti **Google za pretragu** kernel **exploita**
* [ ] Koristiti **searchsploit za pretragu** kernel **exploita**
* [ ] Interesantne informacije u [**env varijablama**](windows-local-privilege-escalation/#environment)?
2024-02-10 13:11:20 +00:00
* [ ] Lozinke u [**PowerShell istoriji**](windows-local-privilege-escalation/#powershell-history)?
* [ ] Interesantne informacije u [**Internet postavkama**](windows-local-privilege-escalation/#internet-settings)?
2024-02-10 13:11:20 +00:00
* [ ] [**Diskovi**](windows-local-privilege-escalation/#drives)?
* [ ] [**WSUS exploit**](windows-local-privilege-escalation/#wsus)?
* [**AlwaysInstallElevated**](windows-local-privilege-escalation/#alwaysinstallelevated)?
### [Enumeracija Logging/AV](windows-local-privilege-escalation/#enumeration)
* [ ] Proveriti [**Audit** ](windows-local-privilege-escalation/#audit-settings)i [**WEF** ](windows-local-privilege-escalation/#wef)postavke
2024-02-10 13:11:20 +00:00
* [ ] Proveriti [**LAPS**](windows-local-privilege-escalation/#laps)
* [ ] Proveriti da li je [**WDigest** ](windows-local-privilege-escalation/#wdigest)aktivan
* [ ] [**LSA Protection**](windows-local-privilege-escalation/#lsa-protection)?
* [ ] [**Credentials Guard**](windows-local-privilege-escalation/#credentials-guard)[?](windows-local-privilege-escalation/#cached-credentials)
* [ ] [**Keširane lozinke**](windows-local-privilege-escalation/#cached-credentials)?
2024-02-10 13:11:20 +00:00
* [ ] Proveriti da li postoji neki [**AV**](windows-av-bypass)
* [**AppLocker Politika**](authentication-credentials-uac-and-efs#applocker-policy)?
* [**UAC**](authentication-credentials-uac-and-efs/uac-user-account-control)
* [**Korisničke privilegije**](windows-local-privilege-escalation/#users-and-groups)
* Proveriti [**trenutne** korisničke **privilegije**](windows-local-privilege-escalation/#users-and-groups)
* Da li ste [**član neke privilegovane grupe**](windows-local-privilege-escalation/#privileged-groups)?
* Proveriti da li su vam omogućeni neki od ovih tokena (windows-local-privilege-escalation/#token-manipulation): **SeImpersonatePrivilege, SeAssignPrimaryPrivilege, SeTcbPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeCreateTokenPrivilege, SeLoadDriverPrivilege, SeTakeOwnershipPrivilege, SeDebugPrivilege** ?
* [**Korisničke sesije**](windows-local-privilege-escalation/#logged-users-sessions)?
* Proveriti [**korisničke direktorijume**](windows-local-privilege-escalation/#home-folders) (pristup?)
* Proveriti [**Politiku lozinke**](windows-local-privilege-escalation/#password-policy)
* Šta je [**unutar Clipboard-a**](windows-local-privilege-escalation/#get-the-content-of-the-clipboard)?
2024-02-10 13:11:20 +00:00
### [Mreža](windows-local-privilege-escalation/#network)
* Proveriti **trenutne** [**informacije o mreži**](windows-local-privilege-escalation/#network)
* Proveriti **skrivene lokalne servise** ograničene prema spolja
### [Pokrenuti procesi](windows-local-privilege-escalation/#running-processes)
* Dozvole fajlova i direktorijuma procesa [**file and folders permissions**](windows-local-privilege-escalation/#file-and-folder-permissions)
* [**Izvlačenje lozinki iz memorije**](windows-local-privilege-escalation/#memory-password-mining)
* [**Nesigurne GUI aplikacije**](windows-local-privilege-escalation/#insecure-gui-apps)
* Ukrasti akreditive sa **interesantnih procesa** putem `ProcDump.exe` ? (firefox, chrome, itd ...)
2024-02-10 13:11:20 +00:00
### [Servisi](windows-local-privilege-escalation/#services)
* [Možete li **modifikovati neki servis**?](windows-local-privilege-escalation#permissions)
* [Možete li **modifikovati** binarni fajl koji se **izvršava** od strane nekog **servisa**?](windows-local-privilege-escalation/#modify-service-binary-path)
* [Možete li **modifikovati** registar nekog **servisa**?](windows-local-privilege-escalation/#services-registry-modify-permissions)
* Da li možete iskoristiti neki od **servisa sa neispravnim putem binarnog fajla**? (windows-local-privilege-escalation/#unquoted-service-paths)
2024-02-10 13:11:20 +00:00
### [**Aplikacije**](windows-local-privilege-escalation/#applications)
2020-08-18 15:38:51 +00:00
* **Dozvole za pisanje na instalirane aplikacije**](windows-local-privilege-escalation/#write-permissions)
* [**Aplikacije koje se pokreću pri startovanju**](windows-local-privilege-escalation/#run-at-startup)
* **Ranjivi** [**Drajveri**](windows-local-privilege-escalation/#drivers)
### [DLL Hijacking](windows-local-privilege-escalation/#path-dll-hijacking)
2020-08-18 15:38:51 +00:00
* [ ] Možete li **pisati u bilo kojem folderu unutar PATH-a**?
* [ ] Postoji li poznati servisni binarni fajl koji **pokušava učitati nepostojeći DLL**?
* [ ] Možete li **pisati** u bilo kojem **folderu sa binarnim fajlovima**?
### [Mreža](windows-local-privilege-escalation/#network)
2024-02-10 13:11:20 +00:00
* [ ] Nabrojite mrežu (deljenje, interfejsi, rute, susedi, ...)
* [ ] Posebno obratite pažnju na mrežne servise koji slušaju na lokalnom računaru (127.0.0.1)
2024-02-10 13:11:20 +00:00
### [Windows Kredencijali](windows-local-privilege-escalation/#windows-credentials)
2024-02-10 13:11:20 +00:00
* [ ] [**Winlogon** ](windows-local-privilege-escalation/#winlogon-credentials)kredencijali
* [ ] [**Windows Vault**](windows-local-privilege-escalation/#credentials-manager-windows-vault) kredencijali koje možete koristiti?
* [ ] Interesantni [**DPAPI kredencijali**](windows-local-privilege-escalation/#dpapi)?
2024-02-10 13:11:20 +00:00
* [ ] Lozinke sačuvanih [**Wifi mreža**](windows-local-privilege-escalation/#wifi)?
* [ ] Interesantne informacije u [**sačuvanim RDP konekcijama**](windows-local-privilege-escalation/#saved-rdp-connections)?
* [ ] Lozinke u [**nedavno pokrenutim komandama**](windows-local-privilege-escalation/#recently-run-commands)?
* [ ] [**Upravljač kredencijalima za udaljenu radnu površinu**](windows-local-privilege-escalation/#remote-desktop-credential-manager) lozinke?
* [ ] [**AppCmd.exe** postoji](windows-local-privilege-escalation/#appcmd-exe)? Kredencijali?
* [ ] [**SCClient.exe**](windows-local-privilege-escalation/#scclient-sccm)? Učitavanje DLL-a sa strane?
2024-02-10 13:11:20 +00:00
### [Fajlovi i Registar (Kredencijali)](windows-local-privilege-escalation/#files-and-registry-credentials)
2024-02-10 13:11:20 +00:00
* [ ] **Putty:** [**Kredencijali**](windows-local-privilege-escalation/#putty-creds) **i** [**SSH host ključevi**](windows-local-privilege-escalation/#putty-ssh-host-keys)
2024-02-10 13:11:20 +00:00
* [ ] [**SSH ključevi u registru**](windows-local-privilege-escalation/#ssh-keys-in-registry)?
* [ ] Lozinke u [**neprisutnim fajlovima**](windows-local-privilege-escalation/#unattended-files)?
* [ ] Bilo kakav **SAM & SYSTEM** backup?
* [ ] [**Cloud kredencijali**](windows-local-privilege-escalation/#cloud-credentials)?
* [ ] Fajl [**McAfee SiteList.xml**](windows-local-privilege-escalation/#mcafee-sitelist.xml)?
* [**Keširana GPP lozinka**](windows-local-privilege-escalation/#cached-gpp-pasword)?
* Lozinka u [**IIS Web konfiguracionom fajlu**](windows-local-privilege-escalation/#iis-web-config)?
* Interesantne informacije u [**web** **logovima**](windows-local-privilege-escalation/#logs)?
* Da li želite da [**zatražite kredencijale**](windows-local-privilege-escalation/#ask-for-credentials) od korisnika?
* Interesantni [**fajlovi u Recycle Binu**](windows-local-privilege-escalation/#credentials-in-the-recyclebin)?
* Ostali [**registri koji sadrže kredencijale**](windows-local-privilege-escalation/#inside-the-registry)?
* Unutar [**Podataka pretraživača**](windows-local-privilege-escalation/#browsers-history) (baze podataka, istorija, obeleživači, ...)?
* [**Opšta pretraga lozinki**](windows-local-privilege-escalation/#generic-password-search-in-files-and-registry) u fajlovima i registru
* [**Alati**](windows-local-privilege-escalation/#tools-that-search-for-passwords) za automatsku pretragu lozinki
### [Procureni Handleri](windows-local-privilege-escalation/#leaked-handlers)
* [ ] Imate li pristup bilo kom handleru procesa pokrenutog od strane administratora?
### [Imitacija Klijenta Cevi](windows-local-privilege-escalation/#named-pipe-client-impersonation)
2024-02-10 13:11:20 +00:00
* [ ] Proverite da li možete zloupotrebiti to
2022-04-28 16:01:33 +00:00
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
2022-04-28 16:01:33 +00:00
<details>
<summary><strong>Naučite hakovanje AWS-a od početnika do stručnjaka sa</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
2022-04-28 16:01:33 +00:00
2024-02-10 13:11:20 +00:00
Drugi načini podrške HackTricks-u:
2022-04-28 16:01:33 +00:00
* Ako želite da vidite svoju **kompaniju reklamiranu na HackTricks-u** ili da **preuzmete HackTricks u PDF formatu** proverite [**PLANOVE ZA PRIJAVU**](https://github.com/sponsors/carlospolop)!
2024-02-10 13:11:20 +00:00
* Nabavite [**zvanični PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Otkrijte [**The PEASS Family**](https://opensea.io/collection/the-peass-family), našu kolekciju ekskluzivnih [**NFT-ova**](https://opensea.io/collection/the-peass-family)
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili nas **pratite** na **Twitteru** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Podelite svoje hakovanje trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.
2022-04-28 16:01:33 +00:00
</details>