Windows Privilege Escalation
Last updated
Was this helpful?
Last updated
Was this helpful?
In order to elevate your privileges on Windows, you must first, identify privilege escalation vulnerabilities that exist on the target system.
This process will differ greatly based on the type of target you gain access to. Privilege escalation on Windows can be performed through a plethora of techniques based on the version of Windows and the system’s unique configuration.
This process can be quite tedious and time consuming and as a result, it is recommended to automate the processes of identifying privilege escalation vulnerabilities. This can be done through the use of various automation scripts.
- This script aims to enumerate common Windows configuration issues that can be leveraged for local privilege escalation. It also gathers various information that might be useful for exploitation and/or post-exploitation.
exploit/multi/script/web_delivery – Generate a web-based payload for exploitation.
post/multi/manage/shell_to_meterpreter – Convert a shell session to a Meterpreter session.
Execute the following PowerShell command to use PrivescCheck: powershell -ep bypass -c ". .\\PrivescCheck.ps1; Invoke-PrivescCheck" This PowerShell command executes the PrivescCheck script to perform privilege escalation checks.
Utilizing Found Windows Passwords for System Login:
If you discover Windows passwords during privilege escalation, you can use them to log in to the system using the following methods:
use /exploit/windows/smb/psexec: Utilize the specified Metasploit module to execute a payload on a remote Windows system, enabling authentication and execution of commands using discovered credentials.
Hacker's Mantra:Hackers: rewriting the code of the world.
psexec.py administrator@<target_ip>: This command allows you to use to establish a remote connection to the target system with the provided administrator's credentials.