Privilege Escalation

The general goal of Windows privilege escalation is to further our access to a given system to a member of the Local Administrators group or the NT AUTHORITY\SYSTEM LocalSystem account. There may, however, be scenarios where escalating to another user on the system may be enough to reach our goal. Privilege escalation is often vital to continue through a network towards our ultimate objective, as well as for lateral movement.

As penetration testers, it's vital to understand manual privilege escalation techniques, especially in restrictive environments. When placed on a managed workstation with no internet, strict firewalls, and disabled USB ports, relying solely on tools or scripts may not be an option. In such cases, mastering Windows privilege escalation checks via PowerShell and the command line is essential.

Some of the ways that we can escalate privileges are:

  • Abusing Windows group privileges

  • Abusing Windows user privileges

  • Bypassing User Account Control

  • Abusing weak service/file permissions

  • Leveraging unpatched kernel exploits

  • Credential theft

  • Traffic capture
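Four of the categories above as manual PowerShell checks that need no external tooling, added here as an example and not taken from the original page. The function name `Get-PrivEscAuditFindings`, the set of token privileges and the list of low-privileged principals it flags are assumptions of this example; the script only reports, it changes nothing.

```powershell
# Added audit example (not from the original page); function name and flagged lists are assumptions.
function Get-PrivEscAuditFindings {
    $findings = [System.Collections.Generic.List[string]]::new()

    # Group privileges: is the current token already in the local Administrators group?
    $principal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
    if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        $findings.Add('Current token is a member of BUILTIN\Administrators')
    }

    # User privileges: token rights that are frequently abused for escalation (enabled or not)
    $risky = 'SeImpersonatePrivilege','SeAssignPrimaryTokenPrivilege','SeBackupPrivilege',
             'SeRestorePrivilege','SeDebugPrivilege','SeTakeOwnershipPrivilege','SeLoadDriverPrivilege'
    foreach ($line in (whoami /priv)) {
        $name = ($line -split '\s+')[0]
        if ($risky -contains $name) { $findings.Add("Token holds $name") }
    }

    # User Account Control: EnableLUA = 0 turns UAC off for every administrative logon
    $pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $pol -ErrorAction SilentlyContinue
    if ($uac -and $uac.EnableLUA -eq 0) { $findings.Add('UAC is disabled (EnableLUA = 0)') }

    # Weak service/file permissions: unquoted binary paths and binaries low-privileged users can write
    $lowPriv = 'Everyone','BUILTIN\Users','NT AUTHORITY\Authenticated Users','NT AUTHORITY\INTERACTIVE'
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $path = $svc.PathName
        if (-not $path) { continue }
        if ($path -match '^"([^"]+)"') {
            $exe = $Matches[1]
        } else {
            $exe = ($path -split '\.exe')[0] + '.exe'
            # A space before the .exe in an unquoted path is itself a finding
            if ($exe -match '\s') { $findings.Add("Service $($svc.Name): unquoted path '$path'") }
        }
        if (-not (Test-Path -LiteralPath $exe)) { continue }
        $acl = Get-Acl -LiteralPath $exe -ErrorAction SilentlyContinue
        foreach ($ace in $acl.Access) {
            # Generic rights can appear as a raw integer; those ACEs are not matched here
            if ($ace.AccessControlType -eq 'Allow' -and $lowPriv -contains $ace.IdentityReference.Value -and
                $ace.FileSystemRights -match 'Write|Modify|FullControl') {
                $findings.Add("Service $($svc.Name): $($ace.IdentityReference) can modify $exe")
            }
        }
    }
    return $findings
}

Get-PrivEscAuditFindings | ForEach-Object { Write-Output "[!] $_" }
```

Run it as the low-privileged user whose position is being assessed; each reported line points at one misconfiguration to remediate (remove the user from the group, strip the privilege, re-enable UAC, quote the path or tighten the ACL).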
