Links

Checklist - Local Windows Privilege Escalation

Best tool to look for Windows local privilege escalation vectors: WinPEAS​

​System Info​

​Network​

​Running Processes​

​Services​

​Applications​

​DLL Hijacking​

  • Can you write in any folder inside PATH?
  • Is there any known service binary that tries to load any non-existant DLL?
  • Can you write in any binaries folder?

​Network​

  • Enumerate the network (shares, interfaces, routes, neighbours, ...)
  • Take a special look at network services listening on localhost (127.0.0.1)

​Leaked Handlers​

  • Have you access to any handler of a process run by administrator?
  • Check if you can abuse it