Windows Privilege Escalation

Privilege Escalation is the exploitation of a vulnerability, design flaw, or misonfiguration in an operating system or application to gain unauthorized access to resources that are usually restricted from the users.

Tools and Resources

Executables

• WinPEAS - https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS

• Watson - https://github.com/rasta-mouse/Watson

• SharpUp - https://github.com/GhostPack/SharpUp

• Seatbelt - https://github.com/GhostPack/Seatbelt

PowerShell

• Sherlock - https://github.com/rasta-mouse/Sherlock

• PowerUp - https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc

• JAWS - https://github.com/411Hall/JAWS

• PrivescCheck - itm4n/PrivescCheck: Privilege Escalation Enumeration Script for Windows

Other Tools

• Windows Exploit Suggester - https://github.com/AonCyberLabs/Windows-Exploit-Suggester

• Metasploit Local Exploit Suggester - https://blog.rapid7.com/2015/08/11/metasploit-local-exploit-suggester-do-less-get-more/

• WES-NG: Windows Exploit Suggester - Next Generation - bitsadmin/wesng: Windows Exploit Suggester - Next Generation

  • Install

  • Run: wes.py --update

  • Run systeminfo on the target machine

  • Run wes.py systeminfo.txt

Checklist

• Windows PrivEsc Checklist - https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation

Windows PrivEsc Resources

• PayloadsAllTheThings - Windows Privilege Escalation

• Priv2Admin - Abusing Windows Privileges

• RogueWinRM Exploit

• Potatoes

• Decoder's Blog

• Token Kidnapping

• Hacktricks - Windows Local Privilege Escalation