Skip to content
master
Switch branches/tags
Go to file
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

README.md

Windows-Privesc

Introduction into windows privilege escalation

Presented by me at Sectalks BNE0x19 (26th Session)
Created this presentation to force myself to learn a topic which I struggled with.

Unfortunately I did not get the time to incorporate all my ideas before the presentation. However I will be looking at adding to this in the near future.

Content

Password mining

> Files

> SAM/Unattended/sysprep

> Registry

AlwaysInstallElevated

Services

> Weak File Permissions

> Weak Registry Permissions

> Unquoted Service Paths

> DLL Hijacking

Kernal exploits

> Finding an exploit

> Compiling exploits

Post Exploitation

> Mimikatz

Automation

> Windows-privesc-check

Other

> Powersploit

Tools

creddump -> https://tools.kali.org/password-attacks/creddump

ICACLS -> Built into windows

Accesschk -> https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk

Windows-exploit-suggester -> https://github.com/GDSSecurity/Windows-Exploit-Suggester

Mimikatz -> https://github.com/gentilkiwi/mimikatz/

Windows-Priv-Check -> https://github.com/pentestmonkey/windows-privesc-check

Powersploit -> https://github.com/PowerShellMafia/PowerSploit

Sources

http://www.tenable.com/sc-report-templates/microsoft-windows-unquoted-service-path-vulnerability

http://blog.opensecurityresearch.com/2014/01/unsafe-dll-loading-vulnerabilities.html

https://www.exploit-db.com/docs/31687.pdf

http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/

http://www.primalsecurity.net/0x4-python-tutorial-exe/

http://blog.opensecurityresearch.com/2014/01/unsafe-dll-loading-vulnerabilities.html

https://pentestlab.blog/2017/03/27/dll-hijacking/

https://www.exploit-db.com/papers/14813/

https://msitpros.com/?p=2012

https://blog.rapid7.com/2015/12/21/scannow-dll-search-order-hijacking-vulnerability-and-deprecation/

About

Basics of Windows privilege escalation

Resources

Releases

No releases published

Packages

No packages published