/Windows-Local-Privilege-Escalation-Cookbook

Windows Local Privilege Escalation Cookbook

Primary LanguagePowerShellMIT LicenseMIT

Windows Local Privilege Escalation Cookbook



Static Badge Static Badge

GitHub Repo stars GitHub forks GitHub watchers

Table of Contents

Disclaimer

This repository, "Windows Local Privilege Escalation Cookbook" is intended for educational purposes only. The author bears no responsibility for any illegal use of the information provided herein. Users are urged to use this knowledge ethically and lawfully. By accessing this repository, you agree to use its contents responsibly and in accordance with all applicable laws.

Description (Keynote)

This Cookbook was created with the main purpose of helping people understand local privilege escalation techniques on Windows environments. Moreover, it can be used for both attacking and defensive purposes.

ℹ️ This Cookbook focuses only on misconfiguration vulnerabilities on Windows workstations/servers/machines.

⚠️ Evasion techniques to bypass security protections, endpoints, or antivirus are not included in this cookbook. I created this PowerShell script, TurnOffAV.ps1, which permanently disables Windows Defender. Run this with local Administrator privileges.

The main structure of this Cookbook includes the following sections for any vulnerability:

  • Description
  • Lab Setup
  • Enumeration
  • Exploitation
  • Mitigation
  • (Useful) References

I hope to find this CookBook useful and learn new stuff 😉.

If you find any bugs, don’t hesitate to report them. Your feedback is valuable in improving the quality of this project!

Definition

Local Privilege Escalation, also known as LPE, refers to the process of elevating user privileges on a computing system or network beyond what is intended, granting unauthorized access to resources or capabilities typically restricted to higher privilege levels. This process occurs when attackers exploit weaknesses, vulnerabilities, or misconfigurations within the operating system, applications, or device drivers. By exploiting these flaws, attackers can bypass security controls and escalate their privileges, potentially gaining control over the system and accessing sensitive data.

Useful Tools

In the following table, some popular and useful tools for Windows local privilege escalation are presented:

Name Language Author Description
SharpUp C# @harmj0y SharpUp is a C# port of various PowerUp functionality
PowerUp PowerShell @harmj0y PowerUp aims to be a clearinghouse of common Windows privilege escalation
BeRoot Python AlessandroZ BeRoot(s) is a post exploitation tool to check common Windows misconfigurations to find a way to escalate our privilege
Privesc PowerShell enjoiz Windows PowerShell script that finds misconfiguration issues which can lead to privilege escalation
Winpeas C# @hacktricks_live Windows local Privilege Escalation Awesome Script
PrivescCheck PowerShell @itm4n Privilege Escalation Enumeration Script for Windows
PrivKit C (Applicable for Cobalt Strike) @merterpreter PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS

Vulnerabilities

This Cookbook presents the following Windows vulnerabilities:

References