// Windows //
The most common vectors for Windows Privilege Escalation:
- Stored Credentials
- Windows Kernel Exploit
- DLL Injection
- Unattended Answer File
- Insecure File/Folder Permissions
- Insecure Service Permissions
- DLL Hijacking
- Group Policy Preferences
- Unquoted Service Path
- Always Install Elevated
- Token Manipulation
- Insecure Registry Permissions
- Autologon User Credential
- User Account Control (UAC) Bypass
- Insecure Named Pipes Permissions
// Automated Discovery Tools //
BeRoot // Written in Python, quickly enumerates common Windows configurations. //
PowerUp // From a suite of tools created by the PowerShellMafia, known as PowerSploit. //
JAWS // Just Another Windows Script, written in PowerShell 2.0, works on Windows 7 and up. //
Windows Exploit Suggester // Yea, it suggests exploits. Compares the current patch level against the Microsoft vulnerability database. //
// Linux //
The most common vectors for Linux Privilege Escalation:
- Kernel exploits
- Programs running as root
- Installed software
- Weak/reused/plaintext passwords
- Inside service
- SUID misconfiguration
- Abusing sudo-rights
- World-writable scripts invoked by root
- Bad path configuration
- Cron jobs
- Unmounted filesystems
// Automated Discovery Tools //
LinEnum // Bash script to quickly enumerate the common paths to root. //
unix-privesc-check // From pentestmonkey, works on just about every flavor. //
linuxprivchecker // A Python alternative. //