HackTricks
Checklist - Local Windows Privilege Escalation

Best tool to look for Windows local privilege escalation vectors: WinPEAS

System Info

Network

Running Processes

Services

Applications

DLL Hijacking

  • Can you write in any folder inside PATH?
  • Is there any known service binary that tries to load any non-existent DLL?
  • Can you write in any binaries folder?

Network

  • Enumerate the network (shares, interfaces, routes, neighbours, ...)
  • Take a special look at network services listening on localhost (127.0.0.1)

Windows Credentials

Leaked Handlers

  • Do you have access to any handler of a process run by an administrator?
  • Check if you can abuse it