Tags: privilage-escalation, Active-Directory
Related to: hacking, crtp
Introduction
- We are targeting Local Admin and Domain Admin to get higher privileges on the network.
- Although one may be able to complete a red team assessment without local privilege escalation, it is always nice to escalate locally.
- Ways of locally escalating in Windows
  - Missing patches
  - Automated deployment and AutoLogon passwords in clear text
  - AlwaysInstallElevated (any user can run MSI files as SYSTEM)
  - Misconfigured services
  - DLL hijacking etc.
- Tools used
Service issues will be covered in the course
- Unquoted path (the service's bin path is unquoted - we drop an exe in the path)
  - the service at that path should run with higher privileges
  - great if we can restart the service manually
- User can write to the binary path or arguments
- Services where configurations / permissions can be modified
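
From the defender's side, the unquoted-path item above can be audited offline against an export of service configurations. The following is an added example, not part of the original notes or the course material; the service records, the `PRIVILEGED` account set and the function names are constructed for illustration. It flags binary paths that are unquoted and contain a space, marks those running as SYSTEM, and proposes the quoted form as the fix.

```python
import re

# Constructed sample data (not from a real host): service name, ImagePath as
# stored under HKLM\SYSTEM\CurrentControlSet\Services, and the logon account.
SAMPLE_SERVICES = [
    ("GoodSvc", r'"C:\Program Files\Vendor\good.exe" -k run', "LocalSystem"),
    ("BadSvc", r'C:\Program Files\Vendor App\svc.exe -k run', "LocalSystem"),
    ("NoSpace", r'C:\Windows\System32\svchost.exe -k netsvcs', "LocalSystem"),
    ("LowPriv", r'C:\Tools Dir\agent.exe', r'.\svc_user'),
    ("ArgSpace", r'C:\Tools\agent.exe --config "C:\My Conf\a.ini"', "LocalSystem"),
]

# Accounts treated as "higher privilege" for triage (assumption of this example).
PRIVILEGED = {"localsystem", r"nt authority\system"}

# Executable portion of an unquoted path: everything up to the first ".exe"
# that is followed by whitespace or the end of the string.
_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def executable_part(image_path):
    """Return the binary path without arguments (whole string if no .exe)."""
    path = image_path.strip()
    match = _EXE.match(path)
    return match.group(1) if match else path


def audit(services):
    """Flag unquoted binary paths containing spaces and propose the quoted form."""
    findings = []
    for name, image_path, account in services:
        path = image_path.strip()
        exe = executable_part(path)
        if path.startswith('"') or " " not in exe:
            continue  # already quoted, or no space for Windows to split on
        findings.append({
            "service": name,
            "privileged": account.lower() in PRIVILEGED,
            "fix": '"' + exe + '"' + path[len(exe):],
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVICES):
        print(finding)
```

Spaces that appear only in the arguments (the `ArgSpace` record) are not flagged, because only the executable portion of the path is ambiguous when unquoted.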