hacktricks/windows-hardening/checklist-windows-privilege-escalation.md
2024-04-06 16:25:58 +00:00

11 KiB

Checklist - Local Windows Privilege Escalation

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Try Hard Security Group

{% embed url="https://discord.gg/tryhardsecurity" %}


Best tool to look for Windows local privilege escalation vectors: WinPEAS

System Info

Logging/AV enumeration

Network

Running Processes

Services

Applications

DLL Hijacking

  • Can you write in any folder inside PATH?
  • Is there any known service binary that tries to load any non-existant DLL?
  • Can you write in any binaries folder?

Network

  • Enumerate the network (shares, interfaces, routes, neighbours, ...)
  • Take a special look at network services listening on localhost (127.0.0.1)

Windows Credentials

Files and Registry (Credentials)

Leaked Handlers

  • Have you access to any handler of a process run by administrator?

Pipe Client Impersonation

  • Check if you can abuse it

Try Hard Security Group

{% embed url="https://discord.gg/tryhardsecurity" %}

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks: