Windows Privilege Escalation Resources
Exploits
- BHaFSec's Windows Privilege Escalation [This is GOLD] - http://www.bhafsec.com/wiki/index.php/Windows_Privilege_Escalation
- DeleteExpiredTaskAfter - https://www.exploit-db.com/exploits/38200/
Tools
- PowerUp - https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc
- Sysinternals Suite - https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
- FolderPermissions.ps1 - www.greyhathacker.net/docs/folderperm.zip
- SubinACL - https://www.microsoft.com/en-us/download/confirmation.aspx?id=23510
- Windows-privesc-check - https://github.com/pentestmonkey/windows-privesc-check/archive/master.zip
- JollyFrog's Root Loot Script - https://pastebin.com/sUuqBGHk
- Windows Exploit Suggester - https://github.com/GDSSecurity/Windows-Exploit-Suggester
Tutorials
- Windows Privilege Escalation Fundamentals - http://www.fuzzysecurity.com/tutorials/16.html
- Windows WMIC Command Line - https://www.computerhope.com/wmic.htm
- Windows PrivEsc By Weak Folder Permissions - http://www.greyhathacker.net/?p=738
- Escalation Via Weak Service Permissions - http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/
- Windows PrivEsc Methods for Pentesters - https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
- ATT&CK Privilege Escalation - https://attack.mitre.org/wiki/Privilege_Escalation
- Privilege Escalation | To Shell and Back - https://www.toshellandback.com/2015/11/24/ms-priv-esc/
- Automating Windows Privilege Escalation - http://resources.infosecinstitute.com/automating-windows-privilege-escalation/
- Hot Potato - https://foxglovesecurity.com/2016/01/16/hot-potato/
- Local Administrator Privileges - https://blog.netspi.com/windows-privilege-escalation-part-1-local-administrator-privileges/
- Metasploit Unleashed - https://www.offensive-security.com/metasploit-unleashed/privilege-escalation/
- Level Up! - Practical Windows PrivEsc - https://www.slideshare.net/jakx_/level-up-practical-windows-privilege-escalation
Thanks so much for this link dump! Always need more reading material.
No problem! It is sad to admit that meterpreter's getsystem works for me 90% of the time, so I decided I need to beef up my privesc skills on Windows boxes for that other 10% of the time.
I hope it is helpful for others. Having all of this in one spot has helped me for sure.
I've got a post with some Linux privesc exploits, but I'm going to be making a similar post to this in the near future.