Windows - Privilege Escalation
The content of this page has been moved to InternalAllTheThings/redteam/escalation/windows-privilege-escalation
- Tools
- Windows Version and Configuration
- User Enumeration
- Network Enumeration
- Antivirus Enumeration
- Default Writeable Folders
- EoP - Looting for passwords
- SAM and SYSTEM files
- HiveNightmare
- LAPS Settings
- Search for file contents
- Search for a file with a certain filename
- Search the registry for key names and passwords
- Passwords in unattend.xml
- Wifi passwords
- Sticky Notes passwords
- Passwords stored in services
- Passwords stored in Key Manager
- PowerShell History
- PowerShell Transcript
- Password in Alternate Data Stream
- EoP - Processes Enumeration and Tasks
- EoP - Incorrect permissions in services
- EoP - Windows Subsystem for Linux (WSL)
- EoP - Unquoted Service Paths
- EoP - $PATH Interception
- EoP - Named Pipes
- EoP - Kernel Exploitation
- EoP - Microsoft Windows Installer
- EoP - Insecure GUI apps
- EoP - Evaluating Vulnerable Drivers
- EoP - Printers
- EoP - Runas
- EoP - Abusing Shadow Copies
- EoP - From local administrator to NT SYSTEM
- EoP - Living Off The Land Binaries and Scripts
- EoP - Impersonation Privileges
- EoP - Privileged File Write
- EoP - Privileged File Delete
- EoP - Common Vulnerabilities and Exposures
- References