Privilege Escalation(Windows)

WINDOWS-SPECIFIC PRIVILEGE ESCALATION

• Cpassword - Group Policy Preference attribute that contains passwords
  • SYSVOL folder of the Domain Controller (encrypted XML)
• Clear text credentials in LDAP(Lightweight Directory Access Protocol)
• Kerberoasting - Domain users can query Kerberos tickets for other users
• Credentials in LSASS(Local Security Authority Subsystem Service)
  • Enforces security policy
• Unattended installation
  • PXE (Preboot Execution Environment) credentials
• SAM database (Security Account Manager)
  • Database that contains user passwords
• DLL hijacking (Dynamic Link Library)
  • Forcing a loader to load a malicious DLL

QUICK REVIEW

• Cpassword and LDAP credentials may contain valuable credentials
• PXE(Preboot Execution Environment) credentials can be used to access system as an authorized user
• DLL hijacking is an attack vector that could allow an attacker to load malware

Penetration Test - Select Your Attacks(15)