Local Privilege Escalation

Service Binary Hijacking

🚧 Work in Progress 🚧

DLL Hijacking

🚧 Work in Progress 🚧

Unquoted Service Paths

🚧 Work in Progress 🚧

Automated Tools

There are several tools available to automate the process of finding privilege escalation paths on Windows systems. Below are some of the popular tools:

PowerUp

PowerUp is a PowerShell module from the PowerSploit framework, designed to identify and exploit common privilege escalation paths on Windows systems.

Find services whose binary path is unquoted and contains spaces

```powershell
Get-ServiceUnquoted -Verbose
```

Find services where the current user can write to the binary path

```powershell
Get-ModifiableServiceFile -Verbose
```

Find services where the current user can modify the service configuration

```powershell
Get-ModifiableService -Verbose
```

Automatically check all common privilege escalation paths

```powershell
Invoke-AllChecks
```
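
The condition the unquoted-path check looks for can also be audited without PowerUp, which is useful on hosts where loading PowerSploit is blocked or would trigger alerts. The following is an added example, not PowerUp's code and not part of the original page; the function name `Test-UnquotedServicePath` and the sample service entries are constructed for illustration.

```powershell
# Added example: flag service ImagePaths that are unquoted and contain a space,
# and propose the quoted form as the fix. Test-UnquotedServicePath is a
# hypothetical helper name, not a PowerUp function.
function Test-UnquotedServicePath {
    param([string]$PathName)

    $p = $PathName.Trim()
    if (-not $p -or $p.StartsWith('"')) { return $null }   # empty or already quoted

    # Separate the executable from its arguments at the first ".exe" boundary.
    $m = [regex]::Match($p, '^(?<exe>.+?\.exe)(?<args>\s.*)?$', 'IgnoreCase')
    if (-not $m.Success) { return $null }                  # e.g. kernel drivers (.sys)

    $exe = $m.Groups['exe'].Value
    if ($exe -notmatch '\s') { return $null }              # no space, nothing ambiguous

    [pscustomobject]@{
        Executable = $exe
        Suggested  = '"{0}"{1}' -f $exe, $m.Groups['args'].Value
    }
}

# Constructed sample data. On a real host, replace this array with:
#   Get-CimInstance Win32_Service | Select-Object Name, StartName, PathName
$services = @(
    [pscustomobject]@{ Name = 'ExampleUpdater'; StartName = 'LocalSystem'
                       PathName = 'C:\Program Files\Example Corp\Updater\updater.exe -service' }
    [pscustomobject]@{ Name = 'ExampleAgent'; StartName = 'LocalSystem'
                       PathName = '"C:\Program Files\Example Corp\agent.exe" --run' }
    [pscustomobject]@{ Name = 'ExampleHost'; StartName = 'NT AUTHORITY\LocalService'
                       PathName = 'C:\Windows\System32\svchost.exe -k example' }
)

$findings = foreach ($svc in $services) {
    $r = Test-UnquotedServicePath -PathName $svc.PathName
    if ($r) {
        [pscustomobject]@{
            Service   = $svc.Name
            RunsAs    = $svc.StartName
            Current   = $svc.PathName
            Suggested = $r.Suggested
        }
    }
}
$findings | Format-List
```

With the sample data only `ExampleUpdater` is reported. Remediation is to write the suggested value to the service's `ImagePath` under `HKLM:\SYSTEM\CurrentControlSet\Services\<Name>` and to confirm that non-administrative users cannot write to any parent directory of the executable.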