<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Privilege Escalation on Taha Draidia</title><link>https://tahadraidia.com/tags/privilege-escalation/</link><description>Recent content in Privilege Escalation on Taha Draidia</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Fri, 03 Dec 2021 09:48:14 +0000</lastBuildDate><atom:link href="https://tahadraidia.com/tags/privilege-escalation/index.xml" rel="self" type="application/rss+xml"/><item><title>Identify Weak Service Configuration With One Liner of Powershell</title><link>https://tahadraidia.com/posts/identify-weak-service-configuration-with-oneliner-of-powershell/</link><pubDate>Fri, 03 Dec 2021 09:48:14 +0000</pubDate><guid>https://tahadraidia.com/posts/identify-weak-service-configuration-with-oneliner-of-powershell/</guid><description>One of the features of the PEN300 MSF script is lazy privilege escalation: it checks for a few common excessive permissions and a lack of configuration in certain components of the box.
The missing part was how to identify weak service configuration. The approach was already known; however, how to achieve it using the MSF Ruby API or the Win32 API seemed doomed. The MSF Windows Services class relies on sc_manager, which won't work with a low-privileged user.</description></item><item><title>Build an Atomic Windows Lab</title><link>https://tahadraidia.com/posts/build-an-atomic-windows-lab/</link><pubDate>Thu, 25 Nov 2021 15:32:12 +0000</pubDate><guid>https://tahadraidia.com/posts/build-an-atomic-windows-lab/</guid><description>I have decided to build a Windows virtual machine to run some test scenarios with the goal of automating the repetitive tasks we encounter during an engagement.
In a nutshell, we are going to build a vulnerable non-domain Windows machine with different escalation paths, including weak service configuration and Always Install Elevated enabled, with some defenses on, such as Windows Defender (LOL) and PowerShell restricted language, to make it a bit challenging, or should I say interesting.</description></item></channel></rss>