5️⃣5 - Local Privilege Escalation

Topics

Privilege Escalation

Privilege Escalation is usually the third step of the attack methodology, after Reconnaissance and Domain Enumeration.

In an AD environment, privilege escalation serves two goals:

  • Hunting for Local Admin access on other machines

  • Hunting for high-privilege domain accounts (such as Domain Administrators).

There are various ways to escalate privileges on a Windows box:

  • Missing patches (unpatched kernel or driver bugs with public exploits)

  • Automated deployment and AutoLogon passwords stored in cleartext (unattend.xml and sysprep files, the Winlogon registry key)

  • AlwaysInstallElevated (when both the HKLM and HKCU policy keys are set, any user can run an MSI as SYSTEM)

  • Misconfigured services (weak permissions on the service binary, its folder, or the service registry key)

  • DLL hijacking and more

  • Unquoted service paths

  • Scheduled tasks

  • Kerberos and NTLM relaying

More details (not specific to AD) are covered on the Windows Privilege Escalation page.
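The following is an added example, not code from the original page: a read-only PowerShell audit of several of the vectors listed above (AlwaysInstallElevated, cleartext AutoLogon and unattend credentials, unquoted service paths, and writable service binaries) that can be run from an unprivileged session. The registry keys and file locations are the standard Windows ones; the "writable by low-privileged users" heuristic, the list of broad groups it matches, and the exclusion of C:\Windows from the unquoted-path check are assumptions and should be tuned to the environment. DLL hijacking and scheduled tasks are not covered here.

```powershell
# Added example (not part of the original page): quick read-only checks for a
# few local privilege-escalation vectors. Run from a normal (non-elevated)
# PowerShell session on the target. Group names and "writable" heuristic below
# are assumptions, not an exhaustive access-check.

function Test-LowPrivWritable {
    param([string]$Path)
    # Assumption: any Allow ACE granting FullControl/Modify/Write to a broad
    # group is treated as "writable by a low-privileged user".
    $broad = 'Everyone|BUILTIN\\Users|Authenticated Users|INTERACTIVE'
    try { $acl = Get-Acl -Path $Path -ErrorAction Stop } catch { return $false }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -match $broad -and
            $ace.FileSystemRights -match 'FullControl|Modify|\bWrite\b|WriteData') { return $true }
    }
    return $false
}

function Test-AlwaysInstallElevated {
    # Both the machine and the user policy value must be 1; one alone is not exploitable.
    $path = 'SOFTWARE\Policies\Microsoft\Windows\Installer'
    $hklm = (Get-ItemProperty "HKLM:\$path" -Name AlwaysInstallElevated -ErrorAction SilentlyContinue).AlwaysInstallElevated
    $hkcu = (Get-ItemProperty "HKCU:\$path" -Name AlwaysInstallElevated -ErrorAction SilentlyContinue).AlwaysInstallElevated
    [pscustomobject]@{ Check = 'AlwaysInstallElevated'; HKLM = $hklm; HKCU = $hkcu; Vulnerable = ($hklm -eq 1 -and $hkcu -eq 1) }
}

function Get-AutoLogonCredential {
    # Winlogon keeps AutoLogon settings in cleartext; DefaultPassword is the prize.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $p = Get-ItemProperty $key -ErrorAction SilentlyContinue
    [pscustomobject]@{ Check = 'AutoLogon'; AutoAdminLogon = $p.AutoAdminLogon; User = $p.DefaultUserName
                       Domain = $p.DefaultDomainName; PasswordPresent = [bool]$p.DefaultPassword }
}

function Get-UnattendFile {
    # Deployment leftovers that frequently embed the local Administrator password.
    $candidates = @(
        "$env:SystemRoot\Panther\Unattend.xml",
        "$env:SystemRoot\Panther\Unattend\Unattend.xml",
        "$env:SystemRoot\Panther\Unattended.xml",
        "$env:SystemRoot\System32\Sysprep\sysprep.xml",
        "$env:SystemRoot\System32\Sysprep\Unattend.xml",
        "$env:SystemRoot\System32\Sysprep\Panther\Unattend.xml"
    )
    $candidates | Where-Object { Test-Path $_ } | ForEach-Object {
        # Only flag files that still carry a <Password> element (sysprep may have scrubbed it).
        [pscustomobject]@{ Check = 'UnattendFile'; Path = $_
                           PasswordElement = (Select-String -Path $_ -Pattern '<Password>' -Quiet) }
    }
}

function Get-UnquotedServicePath {
    Get-CimInstance Win32_Service | Where-Object {
        $_.PathName -and $_.PathName -notmatch '^"' -and
        $_.PathName -notmatch '^[A-Za-z]:\\Windows\\' -and      # assumption: skip the OS folder
        ($_.PathName -split '\.exe')[0] -match '\s'
    } | ForEach-Object {
        $exePath = ($_.PathName -split '\.exe')[0]
        # Windows tries "C:\Program.exe", then "C:\Program Files\My.exe", ... in order.
        # The vector only works if one of those parent directories is writable.
        $dirs = @(); $idx = $exePath.IndexOf(' ')
        while ($idx -gt 0) {
            $dirs += Split-Path -Parent $exePath.Substring(0, $idx)
            $idx = $exePath.IndexOf(' ', $idx + 1)
        }
        $writable = $dirs | Sort-Object -Unique | Where-Object { Test-LowPrivWritable $_ }
        [pscustomobject]@{ Check = 'UnquotedServicePath'; Service = $_.Name; StartName = $_.StartName
                           Path = $_.PathName; WritableDir = ($writable -join ';') }
    }
}

function Get-WritableServiceBinary {
    # Misconfigured service: the executable a privileged service runs is writable by low-priv users.
    Get-CimInstance Win32_Service | ForEach-Object {
        $exe = if ($_.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($_.PathName -split ' -| /')[0] }
        if ($exe -and (Test-Path $exe) -and (Test-LowPrivWritable $exe)) {
            [pscustomobject]@{ Check = 'WritableServiceBinary'; Service = $_.Name; StartName = $_.StartName; Binary = $exe }
        }
    }
}

# Run all checks; each returns objects, so the output can be piped to Format-Table or Export-Csv.
Test-AlwaysInstallElevated
Get-AutoLogonCredential
Get-UnattendFile
Get-UnquotedServicePath
Get-WritableServiceBinary
```

A finding from this script is a lead, not a confirmed escalation: an unquoted path needs a writable intermediate directory and a service that runs as SYSTEM (see the StartName column), and a writable binary is only useful if the service can be restarted or the machine rebooted.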

Tools

The most common tools that help with this process are:

❗ Disclaimer

Labs
