Windows Privilege Escalation – Kernel Exploits

Introduction

The kernel is a component of the operating system that sits at the core of it, it has complete control over everything that occurs in the system. Because of this, exploiting vulnerabilities in the kernel will pretty much always result in a full system compromise.

Kernel exploits affect a certain version of a kernel or operating system and they are generally executed locally on the target machine in order to escalate privileges to system.

April 24, 2021 | by Stefano Lanaro | Leave a comment

Guides, Privilege Escalation, Windows

Windows Privilege Escalation – DLL Hijacking

Introduction

DLLs (Dynamic Link Library) are libraries that contain code and procedures used by Windows programs. They are similar to EXE files as they are based on the Portable Executable (PE) file format although they cannot be executed directly. They are similar to .so (Shared Library) files in Unix.

DLL hijacking is a method of injecting malicious code into a given service or application by loading an evil DLL, often replacing the original one, that will be executed when the service starts. This is possible due to the way some Windows applications search and load DLLs, more specifically, if the path to a service’s DLL isn’t already loaded or stored in the system, Windows will start looking for it in the environment path, an attacker can therefore place the malicious DLL in a directory that is part of it to trigger the malicious code.

March 31, 2021 | by Stefano Lanaro | 6 Comments

Guides, Privilege Escalation, Windows

Windows Privilege Escalation – Weak Permission

Introduction

Windows services are sometimes configured with weak permissions linked to the service itself, or to the directory the service is being run from.

This can allow attackers to manipulate the service in order to execute arbitrary code when it starts and escalate privileges to SYSTEM.

February 2, 2021 | by Stefano Lanaro | Leave a comment

Guides, Privilege Escalation, Windows

Windows Privilege Escalation – Token Impersonation

Introduction

Token impersonation is a technique through which a Windows local administrator could steal another user’s security token in order to impersonate and effectively execute commands as that user.

That are certain privileges in Windows that, if enabled, could lead to an attacker escalating privileges to SYSTEM, through various tools that have been designed to specifically exploit this vulnerability.

January 28, 2021 | by Stefano Lanaro | Leave a comment

Checklists, Resources

Windows Privilege Escalation Checklist

Introduction

Privilege escalation is a crucial step in the penetration testing lifecycle, through this checklist I intend to cover all the main vectors used in Windows privilege escalation, and some of my personal notes that I used in previous penetration tests.

January 18, 2021 | by Stefano Lanaro | Leave a comment