5 - Local Privilege Escalation
Last updated
Last updated
Privilege Escalation is usually the third step (after Reconnaissance and Domain Enumeration) regarding attack methodology.
In an AD environment we can perform privilege escalation for this scope:
Hunting for Local Admin access on other machines
Hunting for high privilege domain account (like as DOmain Administrator).
There're various ways to escalate privileges on Windows Box:
Missing patches
Automated deployment and AutoLogon psw in cleartext
AlwaysInstallElevated (Any user can run MSI as SYSTEM)
Misconfigured Services
DLL Hijacking and more
Unquoted Service Path
Scheduled Task
Kerberos and NTLM Relaying
While, more common tools to help us into process are:
Never use tools and techniques on real IP addresses, hosts or networks without proper authorization!❗
More details (not related to AD) are explained here:
:
:
:
