II. Local Privilege Escalation
There are various ways of locally escalating privileges on a Windows box:
Missing patches
Automated deployment and AutoLogon passwords stored in clear text (unattend/sysprep answer files, the Winlogon DefaultPassword registry value)
AlwaysInstallElevated (when the policy is set in both HKLM and HKCU, any user can install an MSI package as SYSTEM)
Misconfigured services (unquoted binary paths, writable service binaries, weak service configuration permissions)
DLL hijacking, and more
We can use the tools below to cover these checks:
Privesc: https://github.com/enjoiz/Privesc
PowerUp (part of PowerSploit): https://github.com/PowerShellMafia/PowerSploit
# Privesc: run all of the module's checks (after importing the module)
Invoke-PrivEsc
# PowerUp: run all checks (after importing the module)
Invoke-AllChecks
# Get services with unquoted binary paths that contain a space
Get-ServiceUnquoted -Verbose
# Get services where the current user can write to the service binary or change the arguments passed to it
Get-ModifiableServiceFile -Verbose
# Get services whose configuration the current user can modify
Get-ModifiableService -Verbose
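The commands above are wrappers; the following is an added example (not from the original page, and not code from the PowerUp or Privesc projects) that performs two of the same checks by hand with built-in cmdlets, so you can see what the tools actually look at: whether AlwaysInstallElevated is set in both hives, and which services have an unquoted path with a space whose hijack candidates land in a directory the current user can write to. The function names and the output columns are my own choices; the probe writes and deletes an empty random-named file to test directory permissions, so run it only where that is acceptable.

```powershell
# Added example: manual equivalents of two PowerUp checks, built-in cmdlets only.
# Run from an unprivileged PowerShell prompt on the target.

# AlwaysInstallElevated is only exploitable when the value is 1 in BOTH hives;
# msiexec then installs the package under the Windows Installer service's SYSTEM token.
function Test-AlwaysInstallElevated {
    $keys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer',
            'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Installer'
    $set = foreach ($k in $keys) {
        try {
            (Get-ItemProperty -LiteralPath $k -Name AlwaysInstallElevated -ErrorAction Stop).AlwaysInstallElevated -eq 1
        } catch {
            $false   # key or value missing: the policy is not set in that hive
        }
    }
    return ($set -notcontains $false)
}

# Can the current identity create a file in $Directory? A running service binary is
# locked, so for planting a hijack binary the directory permission is what matters.
# This writes and removes an empty file with a random name (hypothetical probe, my choice).
function Test-DirectoryWritable {
    param([Parameter(Mandatory)][string]$Directory)
    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) { return $false }
    $probe = Join-Path $Directory ([IO.Path]::GetRandomFileName())
    try {
        [IO.File]::WriteAllText($probe, '')
        Remove-Item -LiteralPath $probe -Force
        return $true
    } catch {
        return $false
    }
}

# Services whose image path is unquoted and contains a space. For
#   C:\Program Files\Some App\svc.exe
# the service controller tries C:\Program.exe, then "C:\Program Files\Some.exe",
# before the real binary. A candidate whose parent directory is writable is an
# escalation to the account in RunsAs (often LocalSystem).
function Get-UnquotedServicePath {
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $svc = $_
        # Quoted paths start with '"' and never match; otherwise keep up to the first ".exe"
        if ($svc.PathName -notmatch '^(?<bin>[^"]+?\.exe)') { return }
        $bin = $Matches['bin']
        if ($bin -notmatch ' ') { return }                     # no space, nothing to hijack
        if ($bin -match '^[A-Za-z]:\\Windows\\') { return }   # skip Windows-owned locations
        $parts = $bin -split ' '
        $candidates = for ($i = 1; $i -lt $parts.Count; $i++) {
            ($parts[0..($i - 1)] -join ' ') + '.exe'
        }
        foreach ($c in $candidates) {
            [pscustomobject]@{
                Service   = $svc.Name
                RunsAs    = $svc.StartName
                StartMode = $svc.StartMode
                PathName  = $svc.PathName
                Candidate = $c
                Writable  = Test-DirectoryWritable -Directory (Split-Path -Path $c -Parent)
            }
        }
    }
}

"AlwaysInstallElevated exploitable (both hives set): $(Test-AlwaysInstallElevated)"
Get-UnquotedServicePath | Where-Object { $_.Writable } | Format-Table -AutoSize
```

Only rows with Writable set to True are actionable; an unquoted path whose every candidate directory is protected (for example C:\ on a default install, where standard users cannot create files) is a finding to report but not an escalation path. Compare the output against Get-ServiceUnquoted to see how PowerUp resolves the same ACL question without writing a probe file.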