Introduction to Windows privilege escalation
Presented by me at Sectalks BNE0x19 (26th Session)
Created this presentation to force myself to learn a topic which I struggled with.
Unfortunately, I did not get the time to incorporate all my ideas before the presentation. However, I will be looking at adding to this in the near future.
> Files
> SAM/Unattended/sysprep
> Registry
> Weak File Permissions
> Weak Registry Permissions
> Unquoted Service Paths
> DLL Hijacking
> Finding an exploit
> Compiling exploits
> Mimikatz
> Windows-privesc-check
> PowerSploit
creddump -> https://tools.kali.org/password-attacks/creddump
ICACLS -> Built into Windows
Accesschk -> https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk
Windows-exploit-suggester -> https://github.com/GDSSecurity/Windows-Exploit-Suggester
Mimikatz -> https://github.com/gentilkiwi/mimikatz/
Windows-privesc-check -> https://github.com/pentestmonkey/windows-privesc-check
PowerSploit -> https://github.com/PowerShellMafia/PowerSploit
http://www.tenable.com/sc-report-templates/microsoft-windows-unquoted-service-path-vulnerability
http://blog.opensecurityresearch.com/2014/01/unsafe-dll-loading-vulnerabilities.html
https://www.exploit-db.com/docs/31687.pdf
http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/
http://www.primalsecurity.net/0x4-python-tutorial-exe/
https://pentestlab.blog/2017/03/27/dll-hijacking/
https://www.exploit-db.com/papers/14813/
https://blog.rapid7.com/2015/12/21/scannow-dll-search-order-hijacking-vulnerability-and-deprecation/