Basics of Windows privilege escalation
Latest commit 01c36c4 Sep 30, 2017
README.md Create README.md Sep 30, 2017
windows privesc sectalks BNE0x19.pdf Add files via upload Sep 30, 2017

Windows-Privesc

Introduction to Windows privilege escalation

Presented by me at Sectalks BNE0x19 (26th Session)
Created this presentation to force myself to learn a topic which I struggled with.

Unfortunately, I did not get the time to incorporate all my ideas before the presentation. However, I will be looking at adding to this in the near future.

Content

Password mining

> Files

> SAM/Unattended/sysprep

> Registry

AlwaysInstallElevated

Services

> Weak File Permissions

> Weak Registry Permissions

> Unquoted Service Paths

> DLL Hijacking

Kernel exploits

> Finding an exploit

> Compiling exploits

Post Exploitation

> Mimikatz

Automation

> Windows-privesc-check

Other

> Powersploit

Tools

creddump -> https://tools.kali.org/password-attacks/creddump

ICACLS -> Built into Windows

Accesschk -> https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk

Windows-exploit-suggester -> https://github.com/GDSSecurity/Windows-Exploit-Suggester

Mimikatz -> https://github.com/gentilkiwi/mimikatz/

Windows-Priv-Check -> https://github.com/pentestmonkey/windows-privesc-check

Powersploit -> https://github.com/PowerShellMafia/PowerSploit

Sources

http://www.tenable.com/sc-report-templates/microsoft-windows-unquoted-service-path-vulnerability

http://blog.opensecurityresearch.com/2014/01/unsafe-dll-loading-vulnerabilities.html

https://www.exploit-db.com/docs/31687.pdf

http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/

http://www.primalsecurity.net/0x4-python-tutorial-exe/

https://pentestlab.blog/2017/03/27/dll-hijacking/

https://www.exploit-db.com/papers/14813/

https://msitpros.com/?p=2012

https://blog.rapid7.com/2015/12/21/scannow-dll-search-order-hijacking-vulnerability-and-deprecation/