# Windows Priv esc

### Check if we are admin

<figure><img src="/files/7baXRtYWEpVWuy8eu8RM" alt=""><figcaption></figcaption></figure>

### Living off the land: GTFOBins for Windows

{% embed url="<https://lolbas-project.github.io/>" %}

### Enumeration with Winpeas

```
wget https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/a17f91745cafc5fa43a428d766294190c0ff70a1/winPEAS/winPEASexe/binaries/x86/Release/winPEASx86.exe
```

### Enumeration with PowerUp.ps1

```
https://github.com/PowerShellMafia/PowerSploit/blob/master/Privesc/PowerUp.ps1
```

Upload the script with Metasploit

```
upload /root/PowerSploit/Privesc/PowerUp.ps1
```

<figure><img src="/files/tHFO2jM7rcgSLAiSqnIX" alt=""><figcaption></figcaption></figure>

Now run the script with PowerShell. Dot-source it so that its functions stay loaded in the session:

```
load powershell
powershell_shell
. .\PowerUp.ps1
Invoke-AllChecks
```

<figure><img src="/files/mPFtGyNbwXbxcLWFIN1b" alt=""><figcaption></figcaption></figure>

### Getsystem Meterpreter

Good easy win

{% embed url="<https://www.cobaltstrike.com/blog/what-happens-when-i-type-getsystem>" %}

<figure><img src="/files/tJkLYQhbdb101VaTzEZS" alt=""><figcaption></figcaption></figure>

### Windows compiled exploits

{% embed url="<https://github.com/SecWiki/windows-kernel-exploits>" %}

{% embed url="<https://github.com/abatchy17/WindowsExploits>" %}

### Good Resources and Cheatsheets

{% embed url="<https://www.fuzzysecurity.com/tutorials/16.html>" %}

{% embed url="<https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md>" %}

{% embed url="<https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/>" %}

{% embed url="<https://sushant747.gitbooks.io/total-oscp-guide/content/privilege_escalation_windows.html>" %}

{% embed url="<https://github.com/TCM-Course-Resources/Windows-Privilege-Escalation-Resources>" %}
TCM Course Resources
{% endembed %}
