Windows Privilege Escalation

Windows Privilege Escalation cheatsheet

Sections Windows Privilege Escalation

Tool Reference

TOOOOOOOOOOLS :)

Enumeration & Situational Awareness

You have a shell. Before exploiting anything, understand where you are, what you have, and what's misconfigured. This page covers manual enumeration and automated tools.

Service & Registry Exploits

Abusing misconfigured services, weak file permissions, unquoted paths, registry misconfigurations, and DLL hijacking to escalate privileges.

Kernel Exploits & Missing Patches

When service misconfigs and token tricks aren't viable, target the kernel itself. Identify missing patches, match them to known exploits, and get SYSTEM through unpatched vulnerabilities.

Token & Potato Attacks

Abuse Windows token privileges to escalate from service accounts (IIS, MSSQL, etc.) to SYSTEM. If you have SeImpersonatePrivilege or SeAssignPrimaryTokenPrivilege, you're one potato away from SYSTEM.