Windows Priv esc

Check if we are admin

Living of the land GTFO Bins for Windows

LOLBASlolbas-project.github.io

Enumeration with Winpeas

wget https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/a17f91745cafc5fa43a428d766294190c0ff70a1/winPEAS/winPEASexe/binaries/x86/Release/winPEASx86.exe

Enumeration with powerup.ps1

https://github.com/PowerShellMafia/PowerSploit/blob/master/Privesc/PowerUp.ps1

upload the script with metasploit

upload /root/PowerSploit/Privesc/PowerUp.ps1

Now run the script with Powershell

load Powershell
powershell_shell
.\PowerUp.ps1
Invoke-Allchecks

Getsystem Meterpreter

Good easy win

What happens when I type getsystem? | Cobalt StrikeCobalt Strike

Windows compiled exploits

GitHub - SecWiki/windows-kernel-exploits: windows-kernel-exploits Windows平台提权漏洞集合GitHub

GitHub - abatchy17/WindowsExploits: Windows exploits, mostly precompiled. Not being updated. Check https://github.com/SecWiki/windows-kernel-exploits instead.GitHub

Good Resources and Cheetsheets

FuzzySecurity | Windows Privilege Escalation Fundamentalswww.fuzzysecurity.com

PayloadsAllTheThings/Methodology and Resources/Windows - Privilege Escalation.md at master · swisskyrepo/PayloadsAllTheThingsGitHub

Windows Privilege Escalation Guidewww.absolomb.com

Privilege Escalation - Windows · Total OSCP Guidesushant747.gitbooks.io

PreviousPrivilege Escalation NextInitial Enumeration

Last updated 22 days ago

hashtagCheck if we are admin

hashtagLiving of the land GTFO Bins for Windows

hashtagEnumeration with Winpeas

hashtagEnumeration with powerup.ps1

hashtagGetsystem Meterpreter

hashtagWindows compiled exploits

hashtagGood Resources and Cheetsheets

Check if we are admin

Living of the land GTFO Bins for Windows

Enumeration with Winpeas

Enumeration with powerup.ps1

Getsystem Meterpreter

Windows compiled exploits

Good Resources and Cheetsheets