Windows Privilege Escalation

Overview

Windows privilege escalation elevates access from a standard user to SYSTEM or Administrator. After gaining initial access, escalation targets misconfigurations in services, registry settings, scheduled tasks, token privileges, and UAC bypasses. Always start with whoami /priv and automated tools (winPEAS) to identify vectors quickly.

Topics in This Section

General Approach

  1. Run automated enumeration — winPEAS to identify all potential vectors
  2. Check token privileges — whoami /priv for SeImpersonate, SeDebug, SeBackup, etc.
  3. Check services — unquoted paths, writable service binaries, weak permissions
  4. Check registry — AlwaysInstallElevated, autorun entries, stored credentials
  5. Check scheduled tasks — writable scripts, misconfigured permissions
  6. Check installed software — known vulnerable versions
  7. UAC bypass — if already local admin but running in medium integrity
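
The checks in steps 2 to 5 above, collected into one audit script. This is an added example, not code from the original page or from winPEAS; it is written from a defender's point of view and reports the same misconfigurations the list names so they can be remediated. It assumes Windows PowerShell 5.1 or later with the ScheduledTasks module available. The $LowPrivGroups pattern and the helpers Test-WeakAcl and Get-ExecutableFromCommand are this example's own assumptions, not names from the page; steps 6 and 7 (software versions, UAC) are not covered.

```powershell
# Added example (not from the original page): audit of the misconfiguration classes
# in steps 2-5 of the General Approach, for a defender hardening a host.
# Assumes Windows PowerShell 5.1+; run as the account whose exposure you want to
# measure, since results differ between a standard user and an administrator.

# Groups a low-privilege user normally belongs to (assumed list). Write access for any
# of these on a binary or script that runs as SYSTEM is a finding.
$LowPrivGroups = 'Everyone|BUILTIN\\Users|Authenticated Users|INTERACTIVE'

function Test-WeakAcl {
    # Returns $true when a low-privilege group can modify the given file or folder.
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return $false }
    $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $acl) { return $false }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -match $LowPrivGroups -and
            $ace.FileSystemRights.ToString() -match 'Write|Modify|FullControl') {
            return $true
        }
    }
    return $false
}

function Get-ExecutableFromCommand {
    # Extracts the executable path from a service or task command line, quoted or not.
    param([string]$CommandLine)
    if (-not $CommandLine) { return $null }
    if ($CommandLine -match '^"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^(.+?\.(exe|bat|cmd|ps1|vbs))') { return $Matches[1] }
    return $CommandLine.Trim()
}

$findings = New-Object System.Collections.Generic.List[string]

# Step 2: token privileges most often involved in escalation, parsed from whoami.
$interesting = 'SeImpersonatePrivilege', 'SeAssignPrimaryTokenPrivilege', 'SeDebugPrivilege',
               'SeBackupPrivilege', 'SeRestorePrivilege', 'SeTakeOwnershipPrivilege', 'SeLoadDriverPrivilege'
whoami /priv /fo csv | Where-Object { $_ -ne '' } | ConvertFrom-Csv |
    Where-Object { $interesting -contains $_.'Privilege Name' } |
    ForEach-Object { $findings.Add("Token: $($_.'Privilege Name') is $($_.State) for the current user") }

# Step 3: services with unquoted paths containing spaces, and service binaries or their
# directories writable by low-privilege groups.
foreach ($svc in Get-CimInstance Win32_Service) {
    $cmd = $svc.PathName
    if (-not $cmd) { continue }
    if ($cmd -notmatch '^"' -and $cmd -match ' ' -and $cmd -notmatch '^[A-Za-z]:\\Windows\\') {
        $findings.Add("Service: $($svc.Name) has an unquoted path with spaces: $cmd")
    }
    $exe = Get-ExecutableFromCommand $cmd
    if (Test-WeakAcl $exe) {
        $findings.Add("Service: $($svc.Name) binary is writable by a low-privilege group: $exe")
    } elseif ($exe -and (Test-Path -LiteralPath $exe) -and (Test-WeakAcl (Split-Path -LiteralPath $exe -Parent))) {
        # A writable parent directory lets the file be replaced even if the file itself is protected.
        $findings.Add("Service: $($svc.Name) binary sits in a writable directory: $exe")
    }
}

# Step 4: AlwaysInstallElevated (both hives must be 1 to matter) and autorun entries.
$hklm = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer' -Name AlwaysInstallElevated -ErrorAction SilentlyContinue
$hkcu = Get-ItemProperty -Path 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Installer' -Name AlwaysInstallElevated -ErrorAction SilentlyContinue
if ($hklm.AlwaysInstallElevated -eq 1 -and $hkcu.AlwaysInstallElevated -eq 1) {
    $findings.Add('Registry: AlwaysInstallElevated is 1 in both HKLM and HKCU (MSI packages install as SYSTEM)')
}
foreach ($runKey in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce') {
    $props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    # Skip the PSPath/PSDrive/... metadata properties that Get-ItemProperty adds.
    foreach ($p in ($props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' })) {
        $exe = Get-ExecutableFromCommand ([string]$p.Value)
        if (Test-WeakAcl $exe) { $findings.Add("Autorun: $runKey\$($p.Name) points to a writable binary: $exe") }
    }
}

# Step 5: enabled scheduled tasks that run as a privileged principal from a writable file.
# Only the Execute field is checked here; scripts passed via Arguments would need parsing too.
foreach ($task in (Get-ScheduledTask -ErrorAction SilentlyContinue | Where-Object { $_.State -ne 'Disabled' })) {
    $runAs = $task.Principal.UserId
    if ($runAs -notmatch 'SYSTEM|Administrator') { continue }
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }
        $target = Get-ExecutableFromCommand ([System.Environment]::ExpandEnvironmentVariables($action.Execute))
        if (Test-WeakAcl $target) {
            $findings.Add("Task: '$($task.TaskName)' runs as $runAs from a writable file: $target")
        }
    }
}

if ($findings.Count -eq 0) { 'No findings for the checks above.' } else { $findings }
```

Each finding maps to a fix: remove the privilege from the account, quote the service path and tighten the binary's ACL, clear AlwaysInstallElevated in both hives, and give task scripts an ACL that only administrators can write. Running the script as a standard user and again as an administrator shows which findings are reachable from a low-privilege session.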