Pentesting

Checklist - Local Windows Privilege Escalation

Best tool to look for Windows local privilege escalation vectors: WinPEAS

Network

Services

  • Can you write in any folder inside PATH?

  • Is there any known service binary that tries to load any non-existant DLL?

  • Can you write in any binaries folder?

Network

  • Enumerate the network(shares, interfaces, routes, neighbours...)

  • Take a special look to network services listing on local (127.0.0.1)

  • Have you access to any handler of a process run by administrator?

  • Check if you can abuse it

And more...

If you want to know about my latest modifications/additions or you have any suggestion for HackTricks or PEASS, join the 💬 PEASS & HackTricks telegram group here, or follow me on Twitter 🐦@carlospolopm. If you want to share some tricks with the community you can also submit pull requests to https://github.com/carlospolop/hacktricks that will be reflected in this book. Don't forget to give ⭐ on the github to motivate me to continue developing this book.

Buy me a coffee here