Checklist - PrivEsc

Checklist for privilege escalation in Windows

Checklist

  • Uncommon directories under C directory

  • Installed vulnerable programs

  • Unquoted service paths

  • Exploitable build version

  • SeImpersonateToken or SeAssignPrimaryToken - Enabled

  • Jobs with editable files

  • Weak passwords at Filezilla FTP

  • MSSQL is running with sa user

  • Misconfigured LDAP

System Version Number

winver

REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ReleaseId

Windows Exploit Suggester

windows-exploit-suggester.py

systeminfo >> output to text file in local machine
./windows-exploit-suggester.py output.txt

Finding Out Process Name Which Is Listening On TCP Or UDP Port

https://stackoverflow.com/questions/48198/how-can-you-find-out-which-process-is-listening-on-a-tcp-or-udp-port-on-windows

Get-Process -Id (Get-NetTCPConnection -LocalPort 65535).OwningProcess

Disabling Firewall (Need High Priv.)

netsh advfirewall set allprofiles state off

Excluding the folder from Defender (Need High Priv.)

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Administrator\Desktop"

PreviousWindowsNextMSSQL

Last updated