CHAPTER 11Windows Privilege Escalation

As you know, the Microsoft Windows operating system is popular among individual users and companies for their employees. There is a lot to cover about privilege escalation on the Windows OS, and as usual, all the concepts are explained through examples. By the end of this chapter, you should be able to start escalating your privileges with ease.

This chapter covers the following topics:

  • How to enumerate the Windows operating system
  • How to transfer files into Windows while in a limited shell
  • Windows kernel exploits
  • Exploiting Windows services
  • Windows GUI exploitation
  • Privilege escalation automation tools

Windows System Enumeration

Before starting to exploit the Windows operating system, we will need to enumerate the host. In this section, you will see all the basic enumeration commands to get the job done.

System Information

To exploit the system for privilege escalation, you will need to understand the operating system details. The systeminfo command will give you plenty of information regarding the target Windows OS:

C:\Users\Gus>systeminfo
 
Host Name:                        WINDOWS10LAB
OS Name:                          Microsoft Windows 10 Enterprise LTSC
OS Version:                       10.0.17763 N/A Build 17763
OS Manufacturer:                  Microsoft Corporation
OS Configuration:                 Member Workstation
OS Build Type:                    Multiprocessor Free
Registered Owner:                 Windows User
Registered Organization:
Product ID:                       00424-90483-55456-AA805
Original Install Date:            6/1/2020, 9:40:20 AM
System Boot Time: 9/8/2020, 5:30:37 ...

Get Kali Linux Penetration Testing Bible now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial