Windows
Without an account
First, perform a Network Recon of your target to identify quick wins or running services you could exploit. Once identified, refer to Web Attacks to attempt remote code execution that could give you an initial foothold on the target, or try the following exploits.
More initial foothold exploits are possible if your target is joined to an Active Directory domain.
Privilege escalation
Once you have low-privileged access on a Windows target, you can perform the following attacks to escalate your privileges locally. Perform Windows Enumeration first to gather as much information as possible before exploiting anything.
- Binary Abuse
- Cached Credentials Extraction
- Microsoft Office Exploit
- SeImpersonatePrivilege Abuse
- Service Hijacking
- SpoolFool [CVE-2022-21999]
- Unquoted Service Paths
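As an added example (not from the original page), the PowerShell below performs the two quick local checks a practitioner usually runs first against the list above: it finds unquoted service paths with spaces and tests whether the low-privileged user can write to any of the directories the Service Control Manager would search before the real binary, and it reports whether the current token holds SeImpersonatePrivilege or SeAssignPrimaryTokenPrivilege. The function names are this example's own; it assumes it is run as the low-privileged user on the target.

```powershell
# Added example, not part of the original page. Run as the low-privileged user.

function Test-DirectoryWritable {
    param([string]$Path)
    # A real write attempt is more reliable than parsing ACLs, which often
    # misses inherited or group-based rights. The probe file is removed.
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) { return $false }
    $probe = Join-Path $Path ([System.IO.Path]::GetRandomFileName())
    try {
        [System.IO.File]::WriteAllText($probe, '')
        Remove-Item -LiteralPath $probe -Force
        return $true
    } catch {
        return $false
    }
}

function Get-UnquotedServicePath {
    # For an unquoted image path such as C:\Program Files\My App\svc.exe the SCM
    # tries C:\Program.exe, then C:\Program Files\My.exe, before the real binary.
    # Every candidate whose directory is writable by us is a finding.
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $svc  = $_
        $path = $svc.PathName
        if (-not $path -or $path.StartsWith('"')) { return }
        # Strip service arguments: keep everything up to the first ".exe".
        if ($path -match '^(?<exe>.*?\.exe)') { $exe = $Matches['exe'] } else { return }
        # No space means no ambiguity; paths under C:\Windows are not user-writable.
        if ($exe -notmatch ' ' -or $exe -match '^[A-Za-z]:\\Windows\\') { return }

        $parts = $exe -split ' '
        for ($i = 1; $i -lt $parts.Count; $i++) {
            $candidate = (($parts[0..($i - 1)]) -join ' ') + '.exe'
            $dir = Split-Path -Path $candidate -Parent
            [pscustomobject]@{
                Service   = $svc.Name
                StartMode = $svc.StartMode
                RunsAs    = $svc.StartName
                ImagePath = $path
                Candidate = $candidate
                Writable  = Test-DirectoryWritable -Path $dir
            }
        }
    }
}

function Get-InterestingPrivilege {
    # These two token privileges are what "SeImpersonatePrivilege Abuse" relies on.
    # whoami /priv /fo csv yields the columns "Privilege Name","Description","State".
    $wanted = 'SeImpersonatePrivilege', 'SeAssignPrimaryTokenPrivilege'
    whoami /priv /fo csv | ConvertFrom-Csv |
        Where-Object { $wanted -contains $_.'Privilege Name' } |
        Select-Object 'Privilege Name', State
}

# Report only the exploitable candidates, then the privileges.
Get-UnquotedServicePath | Where-Object Writable | Format-Table -AutoSize
Get-InterestingPrivilege | Format-Table -AutoSize
```

A writable candidate directory is only useful if the service is restarted: an Auto-start service needs a reboot, a Manual one needs SERVICE_START rights on it, so check `StartMode` and the service ACL before planting a binary, and note the `RunsAs` account, which is usually LocalSystem. A privilege listed as Disabled is still held by the token and can be enabled by the tools that abuse it.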
More privilege escalation exploits are possible if your target is joined to an Active Directory domain, since you can authenticate to the domain from the machine.
Lateralization
More lateralization exploits are possible if your target is joined to an Active Directory domain.