Domain Privilege Escalation

Ways of Locally Escalating Privileges on Windows box:

• Missing patches

• Automated deployment and AutoLogon passwords in clear text

• AlwaysInstallElevated (Any user can run MSI as SYSTEM)

• Misconfigured Services

• DLL Hijacking and more

• NTLM Relaying a.k.a. Won't Fix

Tools for complete coverage:

• PowerUp: https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc

• Privesc: https://github.com/enjoiz/Privesc

• winPEAS: https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS

• BeRoot: https://github.com/AlessandroZ/BeRoot

• FullPowers: Restore A Service Account's Privileges https://github.com/itm4n/FullPowers