Repository Details

Compilation of Resources from TCM's Windows Priv Esc Udemy Course

Windows-Privilege-Escalation-Resources

General Links

Link to Website: https://www.thecybermentor.com/

Links to course:

Link to Discord server: https://discord.gg/EM6tqPZ

HackTheBox: https://www.hackthebox.eu/

TryHackMe: https://tryhackme.com/

TryHackMe Escalation Lab: https://tryhackme.com/room/windowsprivescarena

Introduction

Fuzzy Security Guide: https://www.fuzzysecurity.com/tutorials/16.html

PayloadsAllTheThings: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md

Absolomb's Guide: https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/

Sushant747's Guide: https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_windows.html

Gaining a Foothold

msfvenom: https://netsec.ws/?p=331

Exploring Automated Tools

winPEAS: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS

Windows Priv Esc Checklist: https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation

Sherlock: https://github.com/rasta-mouse/Sherlock

Watson: https://github.com/rasta-mouse/Watson

PowerUp: https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc

JAWS: https://github.com/411Hall/JAWS

Windows Exploit Suggester: https://github.com/AonCyberLabs/Windows-Exploit-Suggester

Metasploit Local Exploit Suggester: https://blog.rapid7.com/2015/08/11/metasploit-local-exploit-suggester-do-less-get-more/

Seatbelt: https://github.com/GhostPack/Seatbelt

SharpUp: https://github.com/GhostPack/SharpUp

Escalation Path: Kernel Exploits

Windows Kernel Exploits: https://github.com/SecWiki/windows-kernel-exploits

Kitrap0d Info: https://seclists.org/fulldisclosure/2010/Jan/341

MS10-059: https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS10-059

Escalation Path: Passwords and Port Forwarding

Achat Exploit: https://www.exploit-db.com/exploits/36025

Achat Exploit (Metasploit): https://www.rapid7.com/db/modules/exploit/windows/misc/achat_bof

Plink Download: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Escalation Path: Windows Subsystem for Linux

Spawning TTY Shell: https://netsec.ws/?p=337

Impacket Toolkit: https://github.com/SecureAuthCorp/impacket

Impersonation and Potato Attacks

Rotten Potato: https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/

Juicy Potato: https://github.com/ohpe/juicy-potato

Groovy Reverse Shell: https://gist.github.com/frohoff/fed1ffaab9b9beeb1c76

Alternate Data Streams: https://blog.malwarebytes.com/101/2015/07/introduction-to-alternate-data-streams/

Escalation Path: getsystem

getsystem Explained: https://blog.cobaltstrike.com/2014/04/02/what-happens-when-i-type-getsystem/

Escalation Path: Startup Applications

icacls Docs: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/icacls

Escalation Path: CVE-2019-1388

ZeroDayInitiative CVE-2019-1388: https://www.youtube.com/watch?v=3BQKpPNlTSo

Rapid7 CVE-2019-1388: https://www.rapid7.com/db/vulnerabilities/msft-cve-2019-1388

Capstone Challenge

Basic PowerShell for Pentesters: https://book.hacktricks.xyz/windows/basic-powershell-for-pentesters

Mounting VHD Files: https://medium.com/@klockw3rk/mounting-vhd-file-on-kali-linux-through-remote-share-f2f9542c1f25

Capturing MSSQL Creds: https://medium.com/@markmotig/how-to-capture-mssql-credentials-with-xp-dirtree-smbserver-py-5c29d852f478