Privilege Escalation [PrevEsc]
Privilege Escalation
Manual Enumeration
Users
Windows:
Identify the current user:
whoami net user
Linux:
Identify the current user and user details:
whoami id
Hostname
Windows:
Obtain system and hostname information:
systeminfo hostname
Linux:
Obtain system and hostname information:
uname -a hostname cat /etc/issue
Running Processes and Services
Windows:
List running processes and associated services:
Linux:
List all running processes:
Network Information
Windows:
Obtain network information:
Linux:
Obtain network information:
Firewall
Windows:
Check Windows firewall settings:
Linux:
Check iptables rules:
Scheduled Tasks
Windows:
List scheduled tasks:
Linux:
List scheduled tasks:
Applications and Patch Levels
Windows:
List installed applications and patches:
Linux:
List installed packages:
Readable/Writable Files
Windows:
Check permissions of files and directories:
Linux:
Find writable directories:
Unmounted Disks
Windows:
List unmounted disks:
Linux:
List unmounted disks:
Drivers and Kernel Modules
Windows:
List installed drivers:
Linux:
List loaded kernel modules:
Binaries that Auto Elevate
Identify binaries that auto elevate privileges.
Automated Enumeration
Tools
Use various tools for automated privilege escalation enumeration:
Windows:
windows-privesc-checker
Watson
Sherlock
PowerUp
Windows-Exploit-Suggester
JAWS
WinPEAS.exe and .bat
Linux:
linPEAS
LinEnum
Windows PrivEsc
Insecure File Permissions
Using PowerShell:
Set execution policy and use PowerUp tool:
Check file permissions:
Unquoted Service Paths
Create a malicious .exe file in one of the unquoted paths.
Linux PrivEsc
Understanding Permissions in Linux
Learn about file and directory permissions in Linux.
sudo -l
Check sudo privileges:
sudo vim -c ':!/bin/bash'
Escalate privileges using Vim:
Last updated
Was this helpful?