
Checklist - Local Windows Privilege Escalation

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!


Best tool to look for Windows local privilege escalation vectors: WinPEAS

System Info

Logging/AV enumeration

Network

Running Processes

Services

Applications

DLL Hijacking

  • Can you write to any folder inside PATH?
  • Is there any known service binary that tries to load a nonexistent DLL?
  • Can you write to any binaries folder?

Network

  • Enumerate the network (shares, interfaces, routes, neighbours, ...)
  • Take a special look at network services listening on localhost (127.0.0.1)

Windows Credentials

Files and Registry (Credentials)

Leaked Handlers

  • Do you have access to any handle of a process run by an administrator?

Pipe Client Impersonation

  • Check if you can abuse it
