Windows-Privilege-Escalation-Resources
Compilation of Resources from TCM's Windows Priv Esc Udemy Course
General Links
Link to Website: https://www.thecybermentor.com/
Links to course:
- https://www.udemy.com/course/windows-privilege-escalation-for-beginners/ (udemy)
- https://academy.tcm-sec.com/p/windows-privilege-escalation-for-beginners (tcm academy)
Link to discord server: https://discord.gg/EM6tqPZ
HackTheBox: https://www.hackthebox.eu/
TryHackMe: https://tryhackme.com/
TryHackMe Escalation Lab: https://tryhackme.com/room/windowsprivescarena
Introduction
Fuzzy Security Guide: https://www.fuzzysecurity.com/tutorials/16.html
PayloadAllTheThings: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md
Absoloom's Guide: https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
Sushant 747's Guide: https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_windows.html
Gaining a Foothold
msfvenom: https://netsec.ws/?p=331
Exploring Automated Tools
winpeas: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS
Windows Priv Esc Checklist: https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation
Sherlock: https://github.com/rasta-mouse/Sherlock
Watson: https://github.com/rasta-mouse/Watson
PowerUp: https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc
JAWS: https://github.com/411Hall/JAWS
Windows Exploit Suggester: https://github.com/AonCyberLabs/Windows-Exploit-Suggester
Metasploit Local Exploit Suggester: https://blog.rapid7.com/2015/08/11/metasploit-local-exploit-suggester-do-less-get-more/
Seatbelt: https://github.com/GhostPack/Seatbelt
SharpUp: https://github.com/GhostPack/SharpUp
Escalation Path: Kernel Exploits
Windows Kernel Exploits: https://github.com/SecWiki/windows-kernel-exploits
Kitrap0d Info: https://seclists.org/fulldisclosure/2010/Jan/341
MS10-059: https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS10-059
Escalation Path: Passwords and Port Forwarding
Achat Exploit: https://www.exploit-db.com/exploits/36025
Achat Exploit (Metasploit): https://www.rapid7.com/db/modules/exploit/windows/misc/achat_bof
Plink Download: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
Escalation Path: Windows Subsystem for Linux
Spawning TTY Shell: https://netsec.ws/?p=337
Impacket Toolkit: https://github.com/SecureAuthCorp/impacket
Impersonation and Potato Attacks
Rotten Potato: https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/
Juicy Potato: https://github.com/ohpe/juicy-potato
Groovy Reverse Shell: https://gist.github.com/frohoff/fed1ffaab9b9beeb1c76
Alternative Data Streams: https://blog.malwarebytes.com/101/2015/07/introduction-to-alternate-data-streams/
Escalation Path: getsystem
getsystem Explained: https://blog.cobaltstrike.com/2014/04/02/what-happens-when-i-type-getsystem/
Escalation Path: Startup Applications
icacls Docs: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/icacls
Escalation Path: CVE-2019-1388
ZeroDayInitiative CVE-2019-1388: https://www.youtube.com/watch?v=3BQKpPNlTSo
Rapid7 CVE-2019-1388: https://www.rapid7.com/db/vulnerabilities/msft-cve-2019-1388
Capstone Challenge
Basic Powershell for Pentesters: https://book.hacktricks.xyz/windows/basic-powershell-for-pentesters
Mounting VHD Files: https://medium.com/@klockw3rk/mounting-vhd-file-on-kali-linux-through-remote-share-f2f9542c1f25
Capturing MSSQL Creds: https://medium.com/@markmotig/how-to-capture-mssql-credentials-with-xp-dirtree-smbserver-py-5c29d852f478