⚔️
DWSec Wiki
  • Welcome to the DWSec Notes
  • Windows Privilege Escalation
  • Active Directory
    • Fundamentals
      • Introduction
      • Protocols
      • Authentication
      • Glossary of terms
      • Objects
      • AD CS
    • Pentest Methodology
    • Insecure Logins
    • Bloodhound & ldapdomaindump
    • NTLMRelaying (445)
    • SMB Coercing (445)
    • Pre2k
    • DACL Abuse
    • Kerberoasting
    • Utility Tools
    • Powershell
  • Networking
    • Fundamentals
    • Pivoting, Tunneling and Portforwarding
    • DNS
    • Ligolo-ng
    • Toolbox
    • Protocols
      • 80/443 - HTTP/HTTPS
      • 389 - LDAP
      • 445 - SMB
  • Web
    • Active Enumeration
    • Passive Enumeration
  • ADPwn
  • Tools
    • Tools overview
Powered by GitBook
On this page
  • System Information
  • Looting via Files
  • User Enumeration
  • Resources

Was this helpful?

Windows Privilege Escalation

System Information

Basic information about the system:

systeminfo
Get-ComputerInfo -Property OS*

Looting via Files

User Enumeration

Get information about the user:

  • Insecure service permissions

  • Unquoted service paths

  • Weak registry permissions

  • Insecure service executables

  • Passwords

  • Overprivileged Users

  • Security Account Manager (SAM)

  • Pass-the-hash

  • Insecure GUI apps

  • Kernel exploits

Resources

PreviousWelcome to the DWSec NotesNextFundamentals

Last updated 2 months ago

Was this helpful?

LogoPrivilege Escalation, Tactic TA0004 - Enterprise | MITRE ATT&CK®
LogoWindows - Privilege Escalation - Internal All The Things
LogoPrivilege Escalation on Windows (With Examples)DelineaInc