Home

Awesome

Windows Local Privilege Escalation Cookbook

<p align="center"> <img width="500" height="350" src="/Pictures/Windows-OS-Funny-2.jpg.png"><br /><br > <img alt="Static Badge" src="https://img.shields.io/badge/Version-2.0-blue?link=https%3A%2F%2Fgithub.com%2Fnickvourd%2FWindows-Local-Privilege-Escalation-Cookbook%2Freleases"> <img alt="Static Badge" src="https://img.shields.io/badge/License-MIT-orange?link=https%3A%2F%2Fgithub.com%2Fnickvourd%2FWindows-Local-Privilege-Escalation-Cookbook%2Fblob%2Fmaster%2FLICENSE"><br /><br /> <img alt="GitHub Repo stars" src="https://img.shields.io/github/stars/nickvourd/Windows-Local-Privilege-Escalation-Cookbook?logoColor=yellow"> <img alt="GitHub forks" src="https://img.shields.io/github/forks/nickvourd/Windows-Local-Privilege-Escalation-Cookbook?logoColor=red"> <img alt="GitHub watchers" src="https://img.shields.io/github/watchers/nickvourd/Windows-Local-Privilege-Escalation-Cookbook?logoColor=green"> </p>

Table of Contents

Disclaimer

This repository, "Windows Local Privilege Escalation Cookbook" is intended for educational purposes only. The author bears no responsibility for any illegal use of the information provided herein. Users are urged to use this knowledge ethically and lawfully. By accessing this repository, you agree to use its contents responsibly and in accordance with all applicable laws.

Description (Keynote)

This Cookbook was created with the main purpose of helping people understand local privilege escalation techniques on Windows environments. Moreover, it can be used for both attacking and defensive purposes.

:information_source: This Cookbook focuses only on misconfiguration vulnerabilities on Windows workstations/servers/machines.

:warning: Evasion techniques to bypass security protections, endpoints, or antivirus are not included in this cookbook. I created this PowerShell script, TurnOffAV.ps1, which permanently disables Windows Defender. Run this with local Administrator privileges.

The main structure of this Cookbook includes the following sections for any vulnerability:

I hope to find this CookBook useful and learn new stuff 😉.

If you find any bugs, don’t hesitate to report them. Your feedback is valuable in improving the quality of this project!

Definition

Local Privilege Escalation, also known as LPE, refers to the process of elevating user privileges on a computing system or network beyond what is intended, granting unauthorized access to resources or capabilities typically restricted to higher privilege levels. This process occurs when attackers exploit weaknesses, vulnerabilities, or misconfigurations within the operating system, applications, or device drivers. By exploiting these flaws, attackers can bypass security controls and escalate their privileges, potentially gaining control over the system and accessing sensitive data.

Useful Tools

In the following table, some popular and useful tools for Windows local privilege escalation are presented:

NameLanguageAuthorDescription
SharpUpC#@harmj0ySharpUp is a C# port of various PowerUp functionality
PowerUpPowerShell@harmj0yPowerUp aims to be a clearinghouse of common Windows privilege escalation
BeRootPythonAlessandroZBeRoot(s) is a post exploitation tool to check common Windows misconfigurations to find a way to escalate our privilege
PrivescPowerShellenjoizWindows PowerShell script that finds misconfiguration issues which can lead to privilege escalation
WinpeasC#@hacktricks_liveWindows local Privilege Escalation Awesome Script
PrivescCheckPowerShell@itm4nPrivilege Escalation Enumeration Script for Windows
PrivKitC (Applicable for Cobalt Strike)@merterpreterPrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS

Vulnerabilities

This Cookbook presents the following Windows vulnerabilities:

References