Nytro

Windows-Privilege-Escalation-Resources

Compilation of Resources from TCM's Windows Priv Esc Udemy Course

General Links

Link to Website: https://www.thecybermentor.com/

Link to course: https://www.udemy.com/course/windows-privilege-escalation-for-beginners/

Link to discord server: https://discord.gg/RHZ7UF7

HackTheBox: https://www.hackthebox.eu/

TryHackMe: https://tryhackme.com/

TryHackMe Escalation Lab: https://tryhackme.com/room/windowsprivescarena

Introduction

Fuzzy Security Guide: https://www.fuzzysecurity.com/tutorials/16.html

PayloadsAllTheThings: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md

Absolomb's Guide: https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/

Sushant 747's Guide: https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_windows.html

Gaining a Foothold

msfvenom: https://netsec.ws/?p=331

Exploring Automated Tools

winpeas: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS

Windows Priv Esc Checklist: https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation

Sherlock: https://github.com/rasta-mouse/Sherlock

Watson: https://github.com/rasta-mouse/Watson

PowerUp: https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc

JAWS: https://github.com/411Hall/JAWS

Windows Exploit Suggester: https://github.com/AonCyberLabs/Windows-Exploit-Suggester

Metasploit Local Exploit Suggester: https://blog.rapid7.com/2015/08/11/metasploit-local-exploit-suggester-do-less-get-more/

Seatbelt: https://github.com/GhostPack/Seatbelt

SharpUp: https://github.com/GhostPack/SharpUp

Escalation Path: Kernel Exploits

Windows Kernel Exploits: https://github.com/SecWiki/windows-kernel-exploits

Kitrap0d Info: https://seclists.org/fulldisclosure/2010/Jan/341

MS10-059: https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS10-059

Escalation Path: Passwords and Port Forwarding

Achat Exploit: https://www.exploit-db.com/exploits/36025

Achat Exploit (Metasploit): https://www.rapid7.com/db/modules/exploit/windows/misc/achat_bof

Plink Download: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Escalation Path: Windows Subsystem for Linux

Spawning TTY Shell: https://netsec.ws/?p=337

Impacket Toolkit: https://github.com/SecureAuthCorp/impacket

Impersonation and Potato Attacks

Rotten Potato: https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/

Juicy Potato: https://github.com/ohpe/juicy-potato

Groovy Reverse Shell: https://gist.github.com/frohoff/fed1ffaab9b9beeb1c76

Alternate Data Streams: https://blog.malwarebytes.com/101/2015/07/introduction-to-alternate-data-streams/

Escalation Path: getsystem

getsystem Explained: https://blog.cobaltstrike.com/2014/04/02/what-happens-when-i-type-getsystem/

Escalation Path: Startup Applications

icacls Docs: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/icacls

Escalation Path: CVE-2019-1388

ZeroDayInitiative CVE-2019-1388: https://www.youtube.com/watch?v=3BQKpPNlTSo

Rapid7 CVE-2019-1388: https://www.rapid7.com/db/vulnerabilities/msft-cve-2019-1388

Capstone Challenge

Basic Powershell for Pentesters: https://book.hacktricks.xyz/windows/basic-powershell-for-pentesters

Mounting VHD Files: https://medium.com/@klockw3rk/mounting-vhd-file-on-kali-linux-through-remote-share-f2f9542c1f25

Capturing MSSQL Creds: https://medium.com/@markmotig/how-to-capture-mssql-credentials-with-xp-dirtree-smbserver-py-5c29d852f478

 

Source: https://github.com/Gr1mmie/Windows-Privilege-Escalation-Resources/blob/master/README.md
