The general goal of Windows privilege escalation is to elevate our access on a given system from a low-privileged user to that of a member of the local Administrators group or the NT AUTHORITY\SYSTEM (LocalSystem) account.
Situations in which this is commonly needed include:

1. When testing a client's gold image Windows workstation and server build for flaws
2. To escalate privileges locally to gain access to some local resource such as a database
3. To gain NT AUTHORITY\SYSTEM level access on a domain-joined machine to gain a foothold into the client's Active Directory environment
4. To obtain credentials to move laterally or escalate privileges within the client's network
Windows systems present a vast attack surface. Just some of the ways that we can escalate privileges are:
- Abusing Windows group privileges
- Abusing Windows user privileges
- Bypassing User Account Control
- Abusing weak service/file permissions
- Leveraging unpatched kernel exploits
- Credential theft
- Traffic capture
- and more.
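As a defender-side illustration of the "weak service/file permissions" item above, the following PowerShell audit script is an added example (not part of the original notes or of any tool they list). It enumerates every installed service, resolves the service binary from its `PathName`, and reports any binary or containing directory that built-in low-privileged groups (`BUILTIN\Users`, `NT AUTHORITY\Authenticated Users`, `Everyone`) are allowed to write to. The group list and the `.exe`-based path parsing heuristic are assumptions chosen for this example; run it in an elevated session on the host being reviewed.

```powershell
# Added audit example: find service binaries that low-privileged groups can modify.
# Assumption: these three principals are the ones we consider "low-privileged".
$weakPrincipals = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')

# Any of these rights lets a principal replace or alter the file.
$writeRights = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl'

function Get-ServiceBinaryPath {
    # Extract the executable path from a Win32_Service.PathName value, which
    # may be quoted ("C:\Program Files\x\svc.exe" -arg) or unquoted with arguments.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    if ($PathName.StartsWith('"')) { return $PathName.Split('"')[1] }
    # Unquoted: assume the binary ends at the first ".exe" token (heuristic).
    $m = [regex]::Match($PathName, '^(.*?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $PathName.Split(' ')[0]
}

function Get-WeakWriteAces {
    # Return the Allow ACEs on $Path that grant write-class rights to a weak principal.
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $acl) { return }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($weakPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $writeRights) -eq 0) { continue }
        $ace
    }
}

function Find-WritableServiceBinaries {
    # One result row per (service, path, weak principal) combination found.
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $bin = Get-ServiceBinaryPath -PathName $svc.PathName
        if (-not $bin -or -not (Test-Path -LiteralPath $bin)) { continue }
        # Check both the binary itself and the directory it lives in: write on the
        # directory is enough to rename and replace the file.
        foreach ($target in @($bin, (Split-Path -Parent $bin))) {
            foreach ($ace in (Get-WeakWriteAces -Path $target)) {
                [pscustomobject]@{
                    Service   = $svc.Name
                    RunsAs    = $svc.StartName
                    Path      = $target
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                }
            }
        }
    }
}

# Usage: list findings, most interesting first (services running as LocalSystem).
Find-WritableServiceBinaries |
    Sort-Object { $_.RunsAs -ne 'LocalSystem' }, Service |
    Format-Table -AutoSize
```

Each row is a configuration to fix rather than to leave in a gold image: tighten the ACL so that only `Administrators`, `SYSTEM` and `TrustedInstaller` can write to the service binary and its directory (for example with `icacls <path> /remove:g "BUILTIN\Users"` followed by a re-run of the script to confirm the row disappears). Rows where `RunsAs` is `LocalSystem` matter most, because replacing that binary would give whoever can write it the highest local privilege on the host.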
Tools Spotted:
- Snaffler
- secretsdump.py
- Juicy Potato
- SeImpersonatePrivilege
- xp_cmdshell stored procedure
```shell
xfreerdp /v:10.129.43.36 /u:htb-student
```