Windows Privilege Escalation Cheatsheet

This cheatsheet is aimed at OSCP aspirants to help them understand the various methods of escalating privilege on Windows-based machines and CTFs with examples. There are multiple ways to perform the same task. We have performed and compiled this list based on our experience. Please share this with your connections and direct queries and feedback to Hacking Articles.

Follow us on alt text alt text alt text

image

  1. AlwaysInstallElevated
  2. SeBackupPrivilege
  3. DnsAdmins to DomainAdmin
  4. SeImpersonatePrivilege
  5. HiveNightmare
  6. Logon Autostart Execution (Registry Run Keys)
  7. Boot Logon Autostart Execution (Startup Folder)
  8. Stored Credentials (Runas)
  9. Weak Registry Permission
  10. Unquoted Service Path
  11. Insecure GUI Application
  12. Weak Service Permissions
  13. Scheduled Task/Job (T1573.005)
  14. Kernel Exploit
  15. SamAccountSpoofing (CVE-2021–42278)
  16. SpoolFool
  17. PrintNightmare
  18. Server Operator Group