Windows Escalation Notes

These are my notes on how to escalate privileges on Windows machines. They aren't exhaustive and they certainly aren't complete, but they are a start for now.

Table of Contents

  1. Escalation Paths
  • a. Active Directory
  • b. DLL Hijacking
  • c. Executable Files
  • d. getsystem escalation path
  • e. Impersonation and Potato Attacks
  • f. Kernel exploits
  • g. Passwords and Port Forwarding
  • h. Registry Escalation Path
  • i. RunAs
  • j. Service Permissions
  • k. Startup Applications
  • l. Windows Subsystem for Linux (WSL)
  2. Exploring Automated Tools
  • a. jaws-enum
  • b. powerup
  • c. Seatbelt
  • d. SharpUp
  • e. sherlock
  • f. Watson
  • g. winPEAS
  3. Initial Enumeration
  • a. Active Directory Enumeration
  • b. AV and Firewall Enumeration
  • c. Network Enumeration
  • d. Password Hunting
  • e. System Enumeration
  • f. User Enumeration