Privilege Escalation Techniques (Windows)

Cyber Security Mastery: From Zero to Hero

Moving from Standard User to System/Administrator

Privilege escalation techniques on Windows differ because of the operating system's centralized security model.

Windows Escalation Vectors

  1. Unquoted Service Paths: If a service path contains spaces and is not enclosed in quotes, Windows may attempt to execute a malicious binary placed earlier in the path.
  2. Vulnerable Service Permissions: Services running as System that allow a standard user to modify their configuration or binary path.
  3. Kernel/OS Exploits: Exploiting unpatched vulnerabilities in the Windows kernel (often requires finding the current build number).
  4. Weak Registry Permissions: Finding vulnerable registry keys that allow code injection.
  5. Stored Credentials: Searching for credentials stored insecurely in files or the Windows Credential Manager.

Tool Note: PowerUp (a PowerShell script) and Sherlock are common reconnaissance tools used on Windows to automatically identify potential privilege escalation routes.
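
The following audit for vector 1 is an added example, not part of the original course page and not code from PowerUp or Sherlock. It flags service paths that are unquoted and contain spaces in the executable portion, and prints the quoted value to set instead. The function names and sample paths are constructed for illustration, and it assumes the service executable ends in `.exe`.

```powershell
# Added example: flag service paths that are unquoted and contain spaces.
function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$PathName)

    $p = $PathName.Trim()
    # A quoted path is unambiguous.
    if ($p.StartsWith('"')) { return }
    # Split at the first ".exe" so spaces in the arguments are not counted.
    # Assumption: the service executable ends in .exe.
    if ($p -notmatch '^(?<exe>.+?\.exe)(?<rest>\s.*)?$') { return }
    $exe  = $Matches['exe']
    $rest = $Matches['rest']   # $null when there are no arguments
    if (-not $exe.Contains(' ')) { return }

    [pscustomobject]@{
        Current   = $p
        Suggested = '"{0}"{1}' -f $exe, $rest
    }
}

# Hypothetical wrapper for a live Windows host: checks every installed service.
function Get-UnquotedServicePath {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName } |
        ForEach-Object {
            $finding = Test-UnquotedServicePath -PathName $_.PathName
            if ($finding) {
                [pscustomobject]@{
                    Service   = $_.Name
                    RunsAs    = $_.StartName
                    Current   = $finding.Current
                    Suggested = $finding.Suggested
                }
            }
        }
}

# Constructed sample values, not taken from a real host.
$samples = @(
    'C:\Program Files\Example Vendor\Agent Service\agent.exe -run',    # unquoted, spaces in path
    '"C:\Program Files\Example Vendor\Agent Service\agent.exe" -run',  # quoted
    'C:\Windows\System32\svchost.exe -k netsvcs',                      # spaces only in arguments
    'C:\Tools\agent.exe'                                               # no spaces
)
$samples | ForEach-Object { Test-UnquotedServicePath -PathName $_ } | Format-List
```

On a Windows host, run `Get-UnquotedServicePath` to check the installed services; the `Suggested` value is what the service's `ImagePath` should be changed to.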