Windows Privilege Escalation

Methodology to Privilege Escalation on Windows

Understanding Privilege Escalation in Windows

Privilege escalation on Windows is the process by which a user gains higher-level permissions on the system, often by exploiting system vulnerabilities or misconfigurations. It can broadly be categorized into two types: vertical and horizontal escalation.

Vertical Privilege Escalation

Vertical privilege escalation involves obtaining higher-level privileges, usually from a standard user to an administrator or system-level account.

Techniques for Vertical Privilege Escalation:

  • Exploiting System Vulnerabilities: This includes taking advantage of known software bugs and flaws that can lead to privilege escalation.

  • Misconfigured Permissions: Sometimes file, folder, or registry permissions are set incorrectly, allowing lower-privileged users to change important settings or files.

  • Token Manipulation: This involves intercepting or creating access tokens that grant higher privileges.

  • Pass-the-Hash Attack: Using leaked or captured password hashes to authenticate as a privileged user without the need for the actual password.

Horizontal Privilege Escalation

Horizontal privilege escalation occurs when a user gains the access of a different user who has the same level of privileges.

Techniques for Horizontal Privilege Escalation:

  • Guessing or Cracking Passwords: Trying to gain access to another user's account by guessing the password or using password cracking tools.

  • Session Hijacking: Taking over a user session that is already authenticated with the system.

  • Phishing: Tricking a user into disclosing their credentials or executing malicious code that exploits their level of access.

Precautions and Defenses

Ensuring systems are frequently updated, properly configured, and monitored for abnormal activity is crucial to defend against privilege escalation attacks. Use of complex passwords, multi-factor authentication, and privilege auditing can also significantly reduce the risk.
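As an added example of the privilege auditing mentioned above (not part of the original page), the following Python script checks file ACLs for the "Misconfigured Permissions" case: allow entries that give broad groups write-class access. It assumes the input is (path, SDDL) pairs, such as the strings returned by `(Get-Acl <path>).Sddl`; the sample paths and function names are constructed for illustration.

```python
import re

# Mask bits that allow changing a file or its security descriptor:
# FILE_WRITE_DATA, FILE_APPEND_DATA, WRITE_DAC, WRITE_OWNER, GENERIC_WRITE, GENERIC_ALL.
WRITE_BITS = 0x2 | 0x4 | 0x40000 | 0x80000 | 0x40000000 | 0x10000000
# SDDL rights tokens that occur on files; tokens not listed count as no access.
RIGHTS = {"GA": 0x10000000, "GW": 0x40000000, "GR": 0x80000000, "GX": 0x20000000,
          "FA": 0x1F01FF, "FW": 0x120116, "FR": 0x120089, "FX": 0x1200A0,
          "WD": 0x40000, "WO": 0x80000, "SD": 0x10000, "RC": 0x20000}
# Broad, low-privileged principals, by SDDL alias and by raw SID.
BROAD = {"WD": "Everyone", "S-1-1-0": "Everyone",
         "BU": "BUILTIN\\Users", "S-1-5-32-545": "BUILTIN\\Users",
         "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
         "IU": "INTERACTIVE", "S-1-5-4": "INTERACTIVE"}

def pairs(s):
    """Split a run of two-letter SDDL tokens ("OICIIO" -> OI, CI, IO)."""
    return [s[i:i + 2] for i in range(0, len(s), 2)]

def mask_of(rights):
    """Rights field -> access mask; the field is hex or a run of tokens."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for tok in pairs(rights):
        mask |= RIGHTS.get(tok, 0)
    return mask

def risky_aces(sddl):
    """Allow ACEs that give a broad principal write-class access to the object."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    hits = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        f = ace.split(";")
        # Skip malformed, non-allow, and inherit-only ACEs (IO does not apply here).
        if len(f) < 6 or f[0] != "A" or "IO" in pairs(f[1]):
            continue
        granted = mask_of(f[2]) & WRITE_BITS
        if f[5] in BROAD and granted:
            hits.append((BROAD[f[5]], hex(granted)))
    return hits

def audit(entries):
    """Map each path to its risky ACEs, omitting paths that have none."""
    found = {p: risky_aces(s) for p, s in entries}
    return {p: h for p, h in found.items() if h}

# Constructed sample (path, SDDL) pairs; not taken from a real host.
SAMPLE = [
    (r"C:\Program Files\Vendor\agent.exe", "O:BAG:SYD:AI(A;ID;FA;;;SY)(A;ID;0x1200a9;;;BU)"),
    (r"C:\Tools\updater.exe", "O:BAG:SYD:AI(A;ID;FA;;;BA)(A;ID;0x1301bf;;;AU)"),
    (r"C:\Data", "O:BAG:SYD:(A;OICIIO;FA;;;WD)(A;;FRFX;;;WD)(D;;FW;;;BU)"),
]
```

Only `C:\Tools\updater.exe` is reported: Modify (0x1301bf) for Authenticated Users includes write and append, while the read-and-execute, inherit-only and deny entries on the other paths are ignored.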

Note: Performing unauthorized privilege escalation on systems that you do not own or do not have explicit permission to test is illegal and unethical. Always obtain proper authorization before conducting any security assessments.


Last updated 1 year ago
