Privilege Escalation

// Windows //

The most common vectors for Windows Privilege Escalation:

  1. Stored Credentials
  2. Windows Kernel Exploit
  3. DLL Injection
  4. Unattended Answer File
  5. Insecure File/Folder Permissions
  6. Insecure Service Permissions
  7. DLL Hijacking
  8. Group Policy Preferences
  9. Unquoted Service Path
  10. Always Install Elevated
  11. Token Manipulation
  12. Insecure Registry Permissions
  13. Autologon User Credential
  14. User Account Control (UAC) Bypass
  15. Insecure Named Pipes Permissions

// Automated Discovery Tools //

BeRoot // Written in Python, quickly enumerates common Windows configurations. //

PowerUp // From a suite of tools created by the PowerShellMafia, known as PowerSploit. //

JAWS // Just Another Windows Script, written in PowerShell 2.0, works on Win 7 and up. //

Windows Exploit Suggester // Yea, it suggests exploits. Compares current patch levels against the Microsoft vulnerability database. //

// Linux //

The most common vectors for Linux Privilege Escalation:

  1. Kernel exploits
  2. Programs running as root
  3. Installed software
  4. Weak/reused/plaintext passwords
  5. Inside service
  6. SUID misconfiguration
  7. Abusing sudo rights
  8. World writable scripts invoked by root
  9. Bad path configuration
  10. Cron jobs
  11. Unmounted filesystems

// Automated Discovery Tools //

LinEnum // Bash script to quickly enumerate the common paths to root. //

unix-privesc-check // From pentestmonkey, works on just about every flavor. //

linuxprivchecker // A Python alternative. //