🪟Windows Privilege Escalation

This section covers techniques, tools, and methods to escalate privileges on Windows systems during penetration testing. Windows privilege escalation is a critical component of the OSCP exam and real-world pentests.

Key Areas Covered

• Enumeration - Collecting system information for privilege escalation vectors

• Credential Hunting - Finding stored passwords and credentials

• Service Exploitation - Exploiting vulnerable services and misconfigurations

• Token Impersonation - Leveraging Windows token privileges

• Registry Exploits - Exploiting registry-based vulnerabilities

• Scheduled Tasks - Exploiting scheduled tasks and jobs

• Kernel Exploits - Using Windows kernel vulnerabilities

• UAC Bypass - Bypassing User Account Control

• Windows Persistence - Maintaining access to compromised systems

• Windows Privilege Escalation Checklist - Comprehensive checklist of attack vectors

Automated Tools

• PowerUp: PowerShell script for Windows privilege escalation checks

• WinPEAS: Windows Privilege Escalation Awesome Script

• Bloodhound: Active Directory reconnaissance tool

• PowerView: PowerShell tool for network/AD reconnaissance

• SharpUp: C# port of PowerUp

External Resources

• PayloadsAllTheThings - Windows Privilege Escalation

• HackTricks - Windows Local Privilege Escalation

• Absolomb's Windows Privilege Escalation Guide

• Fuzzy Security Windows Privilege Escalation

Disclaimer

These techniques are documented for educational purposes and should only be used in legitimate, authorized penetration testing activities. Always ensure you have proper authorization before performing privilege escalation attempts.