High Level Windows Priv Escalation - CraigDonkin/Infrastructure GitHub Wiki

High Level Windows Priv Escalation

  • Weak Permissions on Service Binary

  • DLL Replacement/Missing/Hijacked

  • Password disclosure

    • Config files
    • GPASSWD
    • Unattend
    • Login Scripts
    • Registry
    • LSASS
    • NTDS
    • Cached Domain Credentials
    • Other in memory credentials
    • Pass the hash
    • Credential Managers
    • Volume Shadow Copy
  • Weak file and registry permissions

  • Weak service configurations

  • Network Services

  • Windows exploits

  • 3rd party software exploits
