Windows Privilege Escalation – AlwaysInstallElevated Policy

Introduction

The Windows installer is a utility which through the use MSI packages can install new software. The AlwaysInstallElevated is a Windows policy that allows unprivileged users to install software through the use of MSI packages using SYSTEM level permissions, which can be exploited to gain administrative access over a Windows machine.

This option is equivalent to granting full SYSTEM rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting.

February 3, 2021 | by Stefano Lanaro | Leave a comment

Guides, Privilege Escalation, Windows

Windows Privilege Escalation – Runas (Stored Credentials)

Introduction

Runas is a Windows command-line tool that allows a user to run specific tools, programs or commands with different permissions than the user’s current logon provides.

If a user’s credentials are cached in the system, the Runas command can be run using the /savecred flag which will automatically authenticate and execute the command as that user.

February 3, 2021 | by Stefano Lanaro | Leave a comment

Guides, Privilege Escalation, Windows

Windows Privilege Escalation – Weak Permission

Introduction

Windows services are sometimes configured with weak permissions linked to the service itself, or to the directory the service is being run from.

This can allow attackers to manipulate the service in order to execute arbitrary code when it starts and escalate privileges to SYSTEM.

February 2, 2021 | by Stefano Lanaro | Leave a comment

Guides, Privilege Escalation, Windows

Windows Privilege Escalation – Unquoted Service Paths

Introduction

This is a vulnerability that manifests itself whenever the path to the executable used for a service is not surrounded by quotes.

This can be exploited to execute an arbitrary binary when the vulnerable service starts, which could allow to escalate privileges to SYSTEM

February 1, 2021 | by Stefano Lanaro | Leave a comment

CTF Walkthroughs, Hack The Box

Hack The Box – Active Walkthrough

Introduction

This was an easy Windows box which involved accessing an open SMB share, decrypting a Group Policy Preference password found on the share to obtain the Administrator user’s hash which is then cracked to authenticate to the machine as SYSTEM.

February 1, 2021 | by Stefano Lanaro | Leave a comment

CTF Walkthroughs, TryHackMe

TryHackMe – Steel Mountain Walkthrough

Introduction

This was an easy Windows box that involved gaining initial access through a remote command execution vulnerability in the Rejetto HTTP File Server web application and exploiting a unquoted service path vulnerability in the Advanced System Care 9 application to gain SYSTEM level access

January 30, 2021 | by Stefano Lanaro | Leave a comment

Guides, Linux, Privilege Escalation

Linux Privilege Escalation – Scheduled Tasks

Introduction

Linux-based operating systems, like most systems, have a way of scheduling the launch of programs or scripts based on certain time intervals to help automate recurring tasks. This can often become weaknesses and allow attackers to escalate privileges to root if improperly configured.

This guide will go through the main methods used to exploit scheduled tasks.

January 30, 2021 | by Stefano Lanaro | Leave a comment

CTF Walkthroughs, Hack The Box

Hack The Box – Shocker Walkthrough

Introduction

This was a very easy Linux box which involved gaining a user shell by exploiting the really common Shellshock Linux vulnerability and escalating privileges to root by exploiting Perl which could be executed using sudo.

January 29, 2021 | by Stefano Lanaro | Leave a comment

CTF Walkthroughs, Hack The Box

Hack The Box – Bastion Walkthrough

Introduction

This was an easy Windows box that involved extracting and cracking hashes from a Windows .vhd backup image to gain initial access and exploiting a vulnerability in mRemoteNG that allowed to decrypt stored passwords to escalate privileges to SYSTEM.

January 29, 2021 | by Stefano Lanaro | Leave a comment

Guides, Privilege Escalation, Windows

Windows Privilege Escalation – Token Impersonation

Introduction

Token impersonation is a technique through which a Windows local administrator could steal another user’s security token in order to impersonate and effectively execute commands as that user.

That are certain privileges in Windows that, if enabled, could lead to an attacker escalating privileges to SYSTEM, through various tools that have been designed to specifically exploit this vulnerability.

January 28, 2021 | by Stefano Lanaro | Leave a comment

Pentesting

Introduction

Introduction

Introduction

Introduction

Introduction

Introduction

Introduction

Introduction

Introduction

Introduction