windows privilege escalation oscp
sh3llp0pp3r
Registered Users Posts: 3 ■□□□□□□□□□
Hey guys
I am prepping for OSCP exam.
Windows priv esc has not been my forte.
I am fine with most 2003, XP boxes but the newer ones I have trouble with. Don't know what to look for.
Could you please share some links with me to sharpen my skills in this area.
Also if there is any place I can practice these techniques I would love that too.
Comments
mokaz Member Posts: 172
These are some of my bookmarks on the subject:
» Blog Archive » windows privilege escalation via weak service permissions
https://blog.netspi.com/windows-privilege-escalation-part-1-local-administrator-privileges/
FuzzySecurity | Windows Privilege Escalation Fundamentals
Tim Arneaud: Windows Privilege Escalation - a ****
Get the jollyfrogs root loot script as well:
[Winbatch] Jollyfrogs-batch - Pastebin.com
Check exploits like these;
https://www.exploit-db.com/exploits/15589/
https://www.exploit-db.com/exploits/38200/
Hope this helps, may the force be with you!
Liindolade Member Posts: 21 ■□□□□□□□□□
sh3llp0pp3r wrote: » I am fine with most 2003, XP boxes but the newer ones I have trouble with. Don't know what to look for.
As you can tell from the links posted by mokaz, there are different ways to escalate privileges - misconfigured programs, exploits, and others.
In order to make the most of the exploit route, try to stay up to date with new vulnerabilities/exploits related to Windows privilege escalation. exploit-db is a good source (keep an eye on newly added entries). Others can be Bugtraq and Full Disclosure mailing lists. I like to review Microsoft advisories for security updates as they often list recent privilege escalation vulnerabilities and mention their CVE-IDs, which makes it easier to search for exploit code.
May sound like a lot of work, but once I had turned it into a process that worked for me, it took me about ten minutes per day.
Whether you want to follow "exploit news" or not, this script is VERY useful for finding appropriate Windows exploits:
https://github.com/GDSSecurity/Windows-Exploit-Suggester
("This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.")
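The patch-level comparison that description refers to, sketched as an added example (not part of the thread and not Windows-Exploit-Suggester's own code): it parses the hotfix list from `systeminfo` output and reports bulletins with no covering update installed. The host excerpt, bulletin IDs, KB numbers and supersedence table are constructed placeholders, and treating a superseding KB as coverage is an assumption of this sketch.

```python
import re

# Constructed excerpt of `systeminfo` output (not from a real host).
SAMPLE_SYSTEMINFO = """\
Host Name:                 LAB-WS01
OS Name:                   Microsoft Windows 7 Professional
OS Version:                6.1.7601 Service Pack 1 Build 7601
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB9000002
                           [02]: KB9000010
                           [03]: KB9000021
Network Card(s):           1 NIC(s) Installed.
"""

# Constructed bulletin table: placeholder IDs and KB numbers, not Microsoft data.
# "superseded_by" lists later KBs assumed to deliver the same fix.
BULLETINS = [
    {"id": "BULLETIN-A", "os": "Windows 7", "kb": "KB9000001", "superseded_by": ["KB9000010"]},
    {"id": "BULLETIN-B", "os": "Windows 7", "kb": "KB9000002", "superseded_by": []},
    {"id": "BULLETIN-C", "os": "Windows 7", "kb": "KB9000030", "superseded_by": ["KB9000031"]},
    {"id": "BULLETIN-D", "os": "Windows 10", "kb": "KB9000040", "superseded_by": []},
]

def parse_systeminfo(text):
    """Return (os_name, set of installed KB IDs) from systeminfo text."""
    os_match = re.search(r"^OS Name:\s*(.+)$", text, re.MULTILINE)
    os_name = os_match.group(1).strip() if os_match else ""
    # Hotfix entries look like "[01]: KB1234567"; NIC entries never match KB\d+.
    kbs = {kb.upper() for kb in re.findall(r"\[\d+\]:\s*(KB\d+)", text, re.IGNORECASE)}
    return os_name, kbs

def missing_bulletins(os_name, installed, bulletins):
    """List bulletin IDs that apply to this OS and have no covering KB installed."""
    missing = []
    for b in bulletins:
        if b["os"].lower() not in os_name.lower():
            continue  # bulletin is for another product
        covering = {b["kb"], *b["superseded_by"]}
        if not covering & installed:
            missing.append(b["id"])
    return missing

if __name__ == "__main__":
    os_name, installed = parse_systeminfo(SAMPLE_SYSTEMINFO)
    for bulletin in missing_bulletins(os_name, installed, BULLETINS):
        print(f"{os_name}: no installed update covers {bulletin}")
```

Ignoring supersedence would flag BULLETIN-A as missing on this sample host even though a later update covers it, which is the usual source of false positives in this kind of audit.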
NovaHax Member Posts: 502 ■■■■□□□□□□
si20 Member Posts: 543 ■■■■■□□□□□
I must admit, despite passing the OSCP - I thought it could have covered Windows privilege escalation more. There were a few good examples but not many and it was 10x more fulfilling escalating privileges on a Windows machine rather than a Linux box. If you ask me now: "How would you escalate privileges on Windows?" - honestly... I'm not sure. I know I can look at exploits and I know there are lists of common misconfigs etc. But how do you go from that, to actually doing it? The OSCP is great but it does need a few tweaks in some areas.