
Windows Privilege Escalation Techniques (Local) – Tradecraft Security Weekly #2

May 18, 2017

In episode 2 of Tradecraft Security Weekly Beau Bullock (@dafthack) discusses Windows privilege escalation techniques. There are many reasons why normal employees should not be local administrators of their own systems. Network administrators tend to lock down user permissions correctly, but privilege escalation vulnerabilities still arise through vulnerable software or system misconfiguration. A few tools and techniques for discovering these vulnerabilities are discussed: PowerUp (by @harmj0y), Hot Potato (by foxglovesec), and manually finding exploits for missing MS patches with Searchsploit.

Command Notes:

Command to check for installed patches (on the target Windows box):
C:\> wmic qfe get Caption,Description,HotFixID,InstalledOn

Searchsploit command to check for exploits in exploit-db (from Kali):
# searchsploit MS16 windows local

Import PowerUp:
C:\> powershell.exe -exec bypass
PS C:\> Import-Module .\PowerUp.ps1

Links:
PowerUp by harmj0y
Potato by foxglovesec
Tater (PowerShell implementation of the Hot Potato exploit)
SessionGopher
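The missing-patch workflow above (enumerate hotfixes, research exploits, correlate) is easy to script on the target side. The following is an added example written for this post; it is not code from the episode, from PowerUp, or from Hot Potato. It reproduces the "wmic qfe" enumeration with Get-HotFix (both read Win32_QuickFixEngineering; wmic is deprecated on current Windows builds), reports the OS build and the age of the newest hotfix, and checks a tester-supplied list of KB numbers against what is installed. The file name kbs-of-interest.txt and its contents are assumptions: one KB per line, gathered from your own searchsploit and bulletin research.

```powershell
# Added example for this post; not code from the episode, PowerUp, or Hot Potato.
# Assumption: kbs-of-interest.txt is a placeholder file you fill yourself,
# one KB number per line, from your own searchsploit / bulletin research.

function Get-InstalledKB {
    # Same data as "wmic qfe get Caption,Description,HotFixID,InstalledOn".
    Get-HotFix | ForEach-Object {
        [PSCustomObject]@{
            HotFixID    = $_.HotFixID.ToUpper()
            Description = $_.Description
            InstalledOn = $_.InstalledOn   # DateTime, or $null on some entries
        }
    }
}

function ConvertTo-KBKey {
    # Normalize "NNNNNNN", "kbNNNNNNN" and "KBNNNNNNN" to one key
    # (-replace is case-insensitive in PowerShell).
    param([Parameter(Mandatory)][string]$Id)
    'KB' + ($Id.Trim() -replace '^KB', '')
}

function Get-MissingKB {
    param(
        [Parameter(Mandatory)][string[]]$RequiredKB,
        [object[]]$Installed = @(Get-InstalledKB)
    )
    $have = @{}
    foreach ($h in $Installed) { $have[(ConvertTo-KBKey $h.HotFixID)] = $true }
    foreach ($k in $RequiredKB) {
        $key = ConvertTo-KBKey $k
        if (-not $have.ContainsKey($key)) { $key }   # emit only the absent ones
    }
}

function Get-PatchSummary {
    # OS build plus age of the newest hotfix: a long gap since the last
    # install is the quickest hint that missing-patch exploits are worth
    # researching, and the build number is what supersedence checks need.
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $dated = @(Get-InstalledKB | Where-Object InstalledOn | Sort-Object InstalledOn)
    $last  = if ($dated.Count -gt 0) { $dated[-1].InstalledOn } else { $null }
    [PSCustomObject]@{
        Caption       = $os.Caption
        Version       = $os.Version
        Architecture  = $os.OSArchitecture
        HotFixCount   = @(Get-InstalledKB).Count
        LastPatchDate = $last
        DaysSinceLast = if ($last) { (New-TimeSpan -Start $last -End (Get-Date)).Days } else { $null }
    }
}

# Usage (run in the same "powershell.exe -exec bypass" session as PowerUp):
Get-PatchSummary | Format-List
Get-InstalledKB | Format-Table -AutoSize
if (Test-Path .\kbs-of-interest.txt) {
    # Skip blank lines so ConvertTo-KBKey never sees an empty string.
    $wanted = @(Get-Content .\kbs-of-interest.txt | Where-Object { $_.Trim() })
    Get-MissingKB -RequiredKB $wanted | ForEach-Object { "Not installed: $_" }
}
```

Treat a KB reported as "Not installed" as a lead, not as proof of a vulnerability: on Windows 10 and later, cumulative updates supersede older KBs, so a fix can be present under a newer KB number. Correlate the missing KB with the Version and build reported by Get-PatchSummary before spending time on an exploit. Once PowerUp is imported in the same session, Invoke-AllChecks runs its full set of misconfiguration checks, which covers the non-patch side of the same enumeration.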