Privilege escalation

windows:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System Type"

linux:

cat /etc/issue
uname -a
whoami

enumerating processes

windows: tasklist /SVC

linux: ps axu

enumerating network information

windows:

ipconfig /all
route print
netstat -ano

linux:

ifconfig
ip a
route
netstat -anp

enumerating firewall status and Rules

windows:

netsh advfirewall show currentprofile
netsh advfirewall firewall show rule dir=in name=all

linux (listing rules requires root privileges):

iptables -L

search for saved iptables rule files readable without root:

grep -Hs iptables /etc/*

enumerating scheduled tasks

windows: schtasks /query /fo LIST /v

linux:

crontab -l
ls -la /etc/cron.daily /etc/cron.weekly /etc/cron.hourly ...

enumerating installed apps and patch levels

windows:

apps: wmic product get name, version, vendor
patch level: wmic qfe get Caption, Description, HotfixID, InstalledOn

debian: dpkg -l

redhat: rpm -qa

enumerating readable/writable files and directories

windows (Sysinternals AccessChk): accesschk.exe -uws "Everyone" "C:\Program Files"

powershell: Get-ChildItem "C:\Program Files" -Recurse | Get-ACL | ?{$_.AccessToString -match "Everyone\sAllow\s\sModify"}

linux: find / -writable -type d 2>/dev/null
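Added example, not from these notes, tying the scheduled-task and writable-file checks above together: a POSIX sh script that lists the command paths a system crontab references and flags any that are group- or world-writable, the misconfiguration an audit of cron should surface. It assumes a Linux userland (grep, tr, ls, mktemp) and builds its own constructed demo tree instead of touching /etc.

```sh
#!/bin/sh
# Added example, not from the original notes: ties the "scheduled tasks" and
# "writable files" checks together. It parses a system-crontab-style file
# (min hour dom mon dow user command) and reports any absolute command path
# whose file is writable by group or others. Assumes POSIX sh, grep, tr, ls.

# Print the absolute paths referenced by active cron lines, one per line.
# Comment lines, blank lines and VAR=value assignments are skipped.
cron_targets() {
    [ -r "$1" ] || return 0
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' \
        | grep -v '^[A-Za-z_][A-Za-z0-9_]*=' \
        | tr ' \t' '\n\n' | grep '^/' | sort -u
}

# For each cron target that exists as a regular file, print "path mode" when
# the ls(1) mode string shows group write (char 6) or other write (char 9).
writable_cron_targets() {
    cron_targets "$1" | while read -r path; do
        [ -f "$path" ] || continue
        perms=$(ls -ld "$path" | cut -c1-10)
        case "$perms" in
            ?????w????|????????w?) printf '%s %s\n' "$path" "$perms" ;;
        esac
    done
}

# Constructed demo tree (not a real host): one correctly protected script and
# one world-writable script, both referenced from a fake crontab.
make_demo_tree() {
    demo=$(mktemp -d)
    printf '#!/bin/sh\necho ok\n' > "$demo/backup.sh"
    printf '#!/bin/sh\necho ok\n' > "$demo/cleanup.sh"
    chmod 755 "$demo/backup.sh"
    chmod 777 "$demo/cleanup.sh"
    cat > "$demo/crontab" <<EOF
# constructed crontab
SHELL=/bin/sh
0 2 * * * root $demo/backup.sh
*/5 * * * * root $demo/cleanup.sh --quiet
EOF
    printf '%s\n' "$demo"
}

# On a real host run e.g.: writable_cron_targets /etc/crontab
demo_dir=$(make_demo_tree)
writable_cron_targets "$demo_dir/crontab"   # prints only cleanup.sh
rm -rf "$demo_dir"
```

Run the same function over /etc/crontab and each file in /etc/cron.d to audit a live system; an empty result means no cron target is writable by non-owners.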

enumerating unmounted disks

windows: mountvol

linux:

mount
cat /etc/fstab
lsblk

enumerating device drivers and kernel modules

powershell:

driverquery.exe /v /fo csv | ConvertFrom-CSV | Select-Object 'Display Name', 'Start Mode', Path
Get-WmiObject Win32_PnPSignedDriver | Select-Object DeviceName, DriverVersion, Manufacturer | Where-Object {$_.DeviceName -like "*VMware*"}

linux: lsmod

/sbin/modinfo libata

enumerating binaries that AutoElevate (AlwaysInstallElevated)

reg query HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer
reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer

if AlwaysInstallElevated is enabled in both keys, we can craft an MSI file to elevate our privileges

linux (SUID binaries): find / -perm -u=s -type f 2>/dev/null

Automated enumeration

windows: windows-privesc-check-master --dump -G

linux: unix-privesc-check standard > output.txt

windows privilege escalation examples:

log in via RDP, then check group membership:

rdesktop x.x.x.x -u admin -p password -g 1024x768 -x 0x80
whoami /groups

nmap -T4 -p- -A
