Windows Priv Esc - OSCP :|

ArdenUK

Evening All,

I am looking at starting OSCP in the near future, I have done my fair share of vulnhub VMs (I know thats not enough by itself) and for my day job I'm a SOC engineer, blue team etc etc..

The trouble I am having is I work with Linux every day so popping Linux boxes comes a little easier to me that Windows.. Sadly I have no Windows admin experience so I am hoping someone on here could give me a few hints and tips re Windows Priv Esc.

From what I understand there is no one "root" location, root in the windows world is the C:\ or \ etc is that correct?

Is there any commonalities between the two, ie does windows have a version of cronjob, are permissions similar really the bare bones basics of Windows Admin and common pit falls?

Thanks for the taking the time I appreciative its a bit vague!

Ta!

chrisone

try these references

Windows Priv Escalation Fundamentals:
https://www.fuzzysecurity.com/tutorials/16.html

Look for Fuzzy series on "Occult Windows Hacking" which includes the module above.

https://www.fuzzysecurity.com/tutorials.html

Windows Privilege Escalation Fundamentals
I'll Get Your Credentials ... Later!
Windows Userland Persistence Fundamentals
Powershell PE Injection: This is not the Calc you are looking for!
Low-Level Windows API Access From PowerShell
Windows Domains, Pivot & Profit
Anatomy of UAC Attacks
Capcom Rootkit Proof-Of-Concept
Application Introspection & Hooking With Frida

other youtube videos on windows priv esc.
https://www.youtube.com/watch?v=kMG8IsCohHA
http://www.youtube.com/watch?v=_8xJaaQlpBo
https://www.youtube.com/watch?v=PC_iMqiuIRQ&t=2s (Level-Up!)
Elevating privileges by exploiting weak folder permissions | GreyHatHacker.NET

Have fun and prosper!

ArdenUK

Thanks! Just what I needed!

shochan

Very Nice, hi5! ~ Borat