Windows

Without an account
Privilege escalation
Lateralization

Without an account

First, you should perform a Network Recon of your target to identify quick wins or running services you could exploit. Once identified, refer to Web Attacks to attempt remote code execution that could give you an initial foothold on the target or try following exploits.

BlueKeep [CVE-2019-0708]
EternalBlue [MS17-010]
Evade Kiosk Mode
SNMP Enumeration

More initial foothold exploits are be possible if your target is joined to an Active Directory domain.

Privilege escalation

Once you get a low privileged access on a Windows target, you can perform following attacks to escalate your privileges locally. You should perform Windows Enumeration to get as much information as possible before starting to exploit.

Binary Abuse
Cached Credentials Extraction
Microsoft Office Exploit
SeImpersonatePrivilege Abuse
Service Hijacking
SpoolFool [CVE-2022-21999]
Unquoted Service Paths

More privilege escalation exploits are possible if your target is joined to an Active Directory since you can authenticate on the domain from the machine.

Lateralization

DCOM Abuse
Data Protection API Abuse
PSExec Abuse
WinRM Abuse

More lateralization exploits are be possible if your target is joined to an Active Directory.

Windows

Table of contents

Without an account

Privilege escalation

Lateralization