hacktricks/windows/checklist-windows-privilege-escalation.md
2020-08-19 11:51:33 +00:00

8.9 KiB
Raw Blame History

Checklist - Local Windows Privilege Escalation

Best tool to look for Windows local privilege escalation vectors: WinPEAS****

System Info

Logging/AV enumeration

****User Privileges

Network

Running Processes

Services

****Applications****

DLL Hijacking

  • Can you write in any folder inside PATH?
  • Is there any known service binary that tries to load any non-existant DLL?
  • Can you write in any binaries folder?

Network

  • Enumerate the network(shares, interfaces, routes, neighbours...)
  • Take a special look to network services listing on local 127.0.0.1

Windows Credentials

Files and Registry (Credentials)

Leaked Handlers

  • Have you access to any handler of a process run by administrator?

Pipe Client Impersonation

  • Check if you can abuse it

And more...

If you want to know about my latest modifications/additions or you have any suggestion for HackTricks or PEASS, join the PEASS & HackTricks telegram group here.
If you want to share some tricks with the community you can also submit pull requests to ****https://github.com/carlospolop/hacktricks ****that will be reflected in this book.
Don't forget to give on the github to motivate me to continue developing this book.

Buy me a coffee here****