PrivX Guides

PrivX Guides

PrivX Guides

Windows

http://www.fuzzysecurity.com/tutorials/16.html http://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html http://pwnwiki.io/#!privesc/windows/index.md https://www.greyhathacker.net/?p=738 https://toshellandback.com/2015/11/24/ms-priv-esc/ https://blog.netspi.com/windows-privilege-escalation-part-1-local-administrator-privileges/

List patch level:

C:\>wmic qfe get Caption,Description,HotFixID,InstalledOn

Linux

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ http://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/ http://www.dankalia.com/tutor/01005/0100501004.htm https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List

Scripts

privilege-escalation-awesome-scripts-suite Windows Exploit Dowser Windows Exploit Suggester - Next Generation windows-privesc-check linuxprivchecker unix-privesc-check LinEnum

---

Remember:

1. Check for kernel(*nix) or OS (windows) exploits.
2. CHECK RUNNING SERVICES. What is installed and running on the target? Is there a local exploit available for that service?
3. Look for misconfigured file permissions (those checker scripts are great for this). Is there something readable/writiable to me that shouldn't be? For example: should I be able to write to a file owned by user/group root? Probably not. What about scheduled task/cron jobs? Can I use those somehow?
4. Lastly, I just look around for any files that maybe have a password in them. Example: SQL/Apache config files. Did someone leave a password I could use here?