
⬆️ Windows Privilege Escalation

Master Windows privilege escalation from basic enumeration to advanced exploitation techniques. Essential skills for penetration testers and red teamers.

🎯 Enumeration Fundamentals

πŸ” Information Gathering

Systematic approach to identifying privilege escalation opportunities

👤 User & Group Information (current user context)

Understanding current user privileges, group memberships, and access tokens to identify potential escalation paths.

  whoami /all
  net user %username%
  net localgroup administrators
💻 System Information (OS & patch level)

Gathering system information, patch levels, and installed software to identify known vulnerabilities.

  systeminfo
  wmic qfe list
  wmic product get name,version
🔧 Running Processes (services & applications)

Analyzing running processes, services, and their privileges to find potential attack vectors.

  tasklist /svc
  wmic service list brief
  sc query
🌐 Network Configuration (connections & firewall)

Network interfaces, connections, and firewall settings that might reveal additional attack surfaces. Note that the legacy netsh firewall context is deprecated on current Windows versions; netsh advfirewall show allprofiles returns the same information there.

  ipconfig /all
  netstat -ano
  netsh firewall show config

βš”οΈ Common Escalation Techniques ​

🎯 Exploitation Methods

Proven techniques for escalating privileges on Windows systems

⚠️ Ethical Use Only

These techniques are for educational purposes and authorized penetration testing only. Always ensure you have proper authorization before testing.

🔧 Service Misconfigurations (weak service permissions)

Exploiting services with weak permissions, unquoted service paths, and modifiable service binaries.

Tags: Unquoted Paths · Weak Permissions · Service Restart
📋 Registry Exploitation (registry permissions)

Exploiting weak registry permissions, AlwaysInstallElevated, and autorun entries for privilege escalation.

Tags: AlwaysInstallElevated · Autorun · Weak ACLs
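An added audit script that is not part of the original page or of any tool it lists: it checks a host for the two misconfigurations described in the service and registry cards above (unquoted service paths, service binaries writable by low-privileged principals, and the AlwaysInstallElevated policy). It assumes an elevated PowerShell 5.1 or later session on the host being audited, and the `$LowPrivPrincipals` list is an assumption to adjust for the environment.

```powershell
# Added audit script, not part of the original page: flags the service and
# registry misconfigurations described above so an administrator can fix them.
# Assumes an elevated PowerShell 5.1+ session on the host being audited.

# Assumed list of principals that must never hold write rights on a service binary.
$LowPrivPrincipals = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

function Get-ServiceBinaryRisk {
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $raw = $svc.PathName
        if (-not $raw) { continue }
        # Executable portion: the quoted string, or everything up to the first ".exe".
        $exe = if ($raw -match '^"([^"]+)"') { $Matches[1] }
               elseif ($raw -match '^(.+?\.exe)') { $Matches[1] }
               else { $raw }
        # Unquoted path containing a space: the SCM tries each space-delimited prefix in turn.
        $unquoted = ($raw -notmatch '^\s*"') -and ($exe -match ' ')
        # Low-privileged principals allowed to write to (and so replace) the binary.
        $writers = @()
        if (Test-Path -LiteralPath $exe) {
            $writers = @((Get-Acl -LiteralPath $exe).Access |
                Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    $LowPrivPrincipals -contains $_.IdentityReference.Value -and
                    $_.FileSystemRights -match 'Write|Modify|FullControl'
                } | ForEach-Object { $_.IdentityReference.Value })
        }
        if ($unquoted -or $writers.Count -gt 0) {
            [pscustomobject]@{
                Service      = $svc.Name
                RunsAs       = $svc.StartName
                Binary       = $exe
                UnquotedPath = $unquoted
                WritableBy   = ($writers -join ', ')
            }
        }
    }
}

function Test-AlwaysInstallElevated {
    # The policy only takes effect when the value is 1 under BOTH hives.
    $subKey = 'SOFTWARE\Policies\Microsoft\Windows\Installer'
    $hklm = (Get-ItemProperty -Path "HKLM:\$subKey" -Name AlwaysInstallElevated -ErrorAction SilentlyContinue).AlwaysInstallElevated
    $hkcu = (Get-ItemProperty -Path "HKCU:\$subKey" -Name AlwaysInstallElevated -ErrorAction SilentlyContinue).AlwaysInstallElevated
    [pscustomobject]@{ HKLM = $hklm; HKCU = $hkcu; Enabled = ($hklm -eq 1 -and $hkcu -eq 1) }
}

Get-ServiceBinaryRisk | Format-Table -AutoSize
Test-AlwaysInstallElevated
```

Any row returned by Get-ServiceBinaryRisk is fixed by quoting the ImagePath and tightening the binary's ACL; an Enabled result of True from Test-AlwaysInstallElevated is fixed by setting the value to 0 in both hives via Group Policy.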
🎫 Token Impersonation (access token abuse)

Abusing access tokens, SeImpersonatePrivilege, and named pipes for privilege escalation attacks.

Tags: SeImpersonate · Named Pipes · Potato Attacks
🗂️ DLL Hijacking (library loading abuse)

Exploiting DLL search order, missing DLLs, and weak folder permissions for code execution.

Tags: Search Order · Missing DLLs · Weak Folders
🔐 Credential Harvesting (password extraction)

Extracting credentials from memory, registry, files, and cached credentials for lateral movement.

Tags: LSASS · SAM · Cached Creds
πŸ›

Kernel Exploits

OS vulnerabilities

Exploiting kernel vulnerabilities and unpatched systems for direct SYSTEM-level access.

CVE ExploitsBuffer OverflowSYSTEM

πŸ› οΈ Essential Tools ​

βš’οΈ Privilege Escalation Tools

Automated and manual tools for identifying and exploiting privilege escalation vectors

🔍 WinPEAS (automated enumeration)

Comprehensive Windows privilege escalation enumeration script that checks for common misconfigurations.
⚡ PowerUp (PowerShell enumeration)

PowerShell script for finding common Windows privilege escalation vectors and misconfigurations.
🥔 Potato Exploits (token impersonation)

Collection of token impersonation exploits including JuicyPotato, RoguePotato, and PrintSpoofer.
🔑 Mimikatz (credential extraction)

Advanced tool for extracting credentials from memory and performing various Windows security attacks.

📚 Methodology & Checklists

📋 Systematic Approach

Structured methodology for comprehensive privilege escalation assessment

1️⃣ Initial Enumeration

  • Current user privileges and groups
  • System information and patch level
  • Running processes and services
  • Network configuration
  • Installed software and versions

2️⃣ Automated Scanning

  • Run WinPEAS or PowerUp
  • Check for common misconfigurations
  • Identify potential exploit paths
  • Review file and registry permissions
  • Analyze service configurations

3️⃣ Manual Verification

  • Verify automated findings
  • Check for false positives
  • Explore additional attack vectors
  • Test file and folder permissions
  • Examine scheduled tasks

4️⃣ Exploitation

  • Prioritize exploitation attempts
  • Test service misconfigurations
  • Attempt token impersonation
  • Try DLL hijacking attacks
  • Use kernel exploits as last resort

πŸ›‘οΈ Defense & Mitigation ​

🔒 Hardening Strategies

Best practices for preventing privilege escalation attacks

πŸ” Access Controls

  • Principle of least privilege
  • Regular access reviews
  • Strong password policies
  • Multi-factor authentication
  • Privileged account management

🔧 System Hardening

  • Regular security updates
  • Service configuration review
  • File and registry permissions
  • Remove unnecessary software
  • Disable unused services

📊 Monitoring

  • Process creation logging
  • Privilege escalation detection
  • Unusual service modifications
  • Registry change monitoring
  • Credential access alerts
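An added detection sweep, not part of the original page, that turns the monitoring items above into a query over the local Windows event logs: new service installs (7045, 4697), audited registry changes (4657), admin-equivalent logons (4672) and process creation (4688) for the last 24 hours. It assumes an elevated session, that the process-creation and registry object audit policies are enabled (both are off by default), and the `$ExpectedPrivilegedUsers` allow-list is an assumption to adjust for the environment.

```powershell
# Added detection sweep, not part of the original page: pulls the event
# categories listed above from the local logs for the last 24 hours.
# Assumes an elevated session; 4688 (process creation) and 4657 (registry
# value modified) only appear if the matching audit policies are enabled.

$Since = (Get-Date).AddHours(-24)

# Assumed allow-list of accounts expected to receive admin-equivalent privileges.
$ExpectedPrivilegedUsers = @('SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE')

# Event IDs mapped to the monitoring items above.
$Watch = @(
    @{ Log = 'System';   Id = 7045; Why = 'New service installed' }
    @{ Log = 'Security'; Id = 4697; Why = 'Service installed (Security log)' }
    @{ Log = 'Security'; Id = 4657; Why = 'Audited registry value modified' }
    @{ Log = 'Security'; Id = 4672; Why = 'Special privileges assigned to logon' }
    @{ Log = 'Security'; Id = 4688; Why = 'Process created' }
)

function Get-EventField {
    # Read a named EventData field from the event XML (more reliable than parsing Message).
    param($Event, [string]$Name)
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

function Get-PrivEscSignals {
    foreach ($w in $Watch) {
        $filter = @{ LogName = $w.Log; Id = $w.Id; StartTime = $Since }
        foreach ($e in Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue) {
            $detail = switch ($w.Id) {
                7045 { Get-EventField $e 'ImagePath' }
                4697 { Get-EventField $e 'ServiceFileName' }
                4657 { Get-EventField $e 'ObjectName' }
                4672 { Get-EventField $e 'SubjectUserName' }
                4688 { "{0} <- {1}" -f (Get-EventField $e 'NewProcessName'), (Get-EventField $e 'ParentProcessName') }
            }
            # A 4672 for an account outside the allow-list is the signal worth alerting on.
            if ($w.Id -eq 4672 -and $ExpectedPrivilegedUsers -contains $detail) { continue }
            [pscustomobject]@{ Time = $e.TimeCreated; Log = $w.Log; Id = $w.Id; Why = $w.Why; Detail = $detail }
        }
    }
}

Get-PrivEscSignals | Sort-Object Time | Format-Table -AutoSize
```

The same IDs and fields can be forwarded to a SIEM; the value of 7045 and 4697 rows is highest when the ImagePath points outside the usual program directories or the 4688 parent is an unexpected process.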

πŸ—οΈ Architecture

  • Network segmentation
  • Application whitelisting
  • Endpoint protection
  • Backup and recovery
  • Incident response planning

💡 Pro Tip

Always document your privilege escalation findings and create proof-of-concept exploits responsibly. This helps in demonstrating the impact to stakeholders and developing appropriate remediation strategies.

🚀 Master Windows Privilege Escalation?

Continue exploring Windows security with Active Directory attacks and essential security tools