Nytro
Posted May 9, 2020

Windows-Privilege-Escalation-Resources

Compilation of Resources from TCM's Windows Priv Esc Udemy Course

General Links
Link to Website: https://www.thecybermentor.com/
Link to course: https://www.udemy.com/course/windows-privilege-escalation-for-beginners/
Link to discord server: https://discord.gg/RHZ7UF7
HackTheBox: https://www.hackthebox.eu/
TryHackMe: https://tryhackme.com/
TryHackMe Escalation Lab: https://tryhackme.com/room/windowsprivescarena

Introduction
Fuzzy Security Guide: https://www.fuzzysecurity.com/tutorials/16.html
PayloadAllTheThings: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md
Absoloom's Guide: https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
Sushant 747's Guide: https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_windows.html

Gaining a Foothold
msfvenom: https://netsec.ws/?p=331

Exploring Automated Tools
winpeas: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS
Windows Priv Esc Checklist: https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation
Sherlock: https://github.com/rasta-mouse/Sherlock
Watson: https://github.com/rasta-mouse/Watson
PowerUp: https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc
JAWS: https://github.com/411Hall/JAWS
Windows Exploit Suggester: https://github.com/AonCyberLabs/Windows-Exploit-Suggester
Metasploit Local Exploit Suggester: https://blog.rapid7.com/2015/08/11/metasploit-local-exploit-suggester-do-less-get-more/
Seatbelt: https://github.com/GhostPack/Seatbelt
SharpUp: https://github.com/GhostPack/SharpUp

Escalation Path: Kernel Exploits
Windows Kernel Exploits: https://github.com/SecWiki/windows-kernel-exploits
Kitrap0d Info: https://seclists.org/fulldisclosure/2010/Jan/341
MS10-059: https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS10-059

Escalation Path: Passwords and Port Forwarding
Achat Exploit: https://www.exploit-db.com/exploits/36025
Achat Exploit (Metasploit): https://www.rapid7.com/db/modules/exploit/windows/misc/achat_bof
Plink Download: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Escalation Path: Windows Subsystem for Linux
Spawning TTY Shell: https://netsec.ws/?p=337
Impacket Toolkit: https://github.com/SecureAuthCorp/impacket

Impersonation and Potato Attacks
Rotten Potato: https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/
Juicy Potato: https://github.com/ohpe/juicy-potato
Groovy Reverse Shell: https://gist.github.com/frohoff/fed1ffaab9b9beeb1c76
Alternative Data Streams: https://blog.malwarebytes.com/101/2015/07/introduction-to-alternate-data-streams/

Escalation Path: getsystem
getsystem Explained: https://blog.cobaltstrike.com/2014/04/02/what-happens-when-i-type-getsystem/

Escalation Path: Startup Applications
icacls Docs: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/icacls

Escalation Path: CVE-2019-1388
ZeroDayInitiative CVE-2019-1388: https://www.youtube.com/watch?v=3BQKpPNlTSo
Rapid7 CVE-2019-1388: https://www.rapid7.com/db/vulnerabilities/msft-cve-2019-1388

Capstone Challenge
Basic Powershell for Pentesters: https://book.hacktricks.xyz/windows/basic-powershell-for-pentesters
Mounting VHD Files: https://medium.com/@klockw3rk/mounting-vhd-file-on-kali-linux-through-remote-share-f2f9542c1f25
Capturing MSSQL Creds: https://medium.com/@markmotig/how-to-capture-mssql-credentials-with-xp-dirtree-smbserver-py-5c29d852f478

Source: https://github.com/Gr1mmie/Windows-Privilege-Escalation-Resources/blob/master/README.md