
An introduction to your lecturer and what the course covers, as well as some basic information about how to read commands in the slides. The slides contain all the information from the video lectures, as well as step-by-step instructions for performing the privilege escalations, and are attached as a downloadable resource to this video, along with the tools.zip archive which will be useful for upcoming demos.
Disclaimer: Several files within the tools.zip archive attached to this lecture may trigger your AntiVirus software. Please note that none of the files contained within the archive are viruses, spyware, or other malware. Rather, some of the files (e.g. cve-2018-8120-x64.exe, potato.exe, juicypotato.zip, JuicyPotato.exe, RoguePotato.exe, and PrintSpoofer.exe) are exploits which are used on the course to perform some kind of privilege escalation. As known exploits, they tend to trigger AntiVirus software in order to try and prevent their use.
A guide on how to set up the lab for this course. You should have a copy of Kali Linux (or your preferred pentesting distribution) ready. The lecture involves copying across the setup script from Kali to a Windows 10 VM and running that script in order to (intentionally) misconfigure Windows.
A short overview of permissions and access control in Windows, which is necessary to understand how privilege escalation is possible.
This lecture explains how to spawn shells running as the Administrator or SYSTEM user. Note that the reverse.exe binary generated in this lecture is used multiple times in the upcoming demos, so it is recommended that you generate a version suited to your IP address at this point!
An overview of 5 privilege escalation tools: PowerUp, SharpUp, Seatbelt, winPEAS, and accesschk.exe.
An overview of Kernel exploits, and a demo of the CVE-2018-8120 kernel exploit being used to spawn a SYSTEM shell on Windows 7.
This lecture explains what services are, and then demonstrates five types of service misconfiguration that can lead to privilege escalation: Insecure Service Properties, Unquoted Service Paths, Weak Registry Permissions, Insecure Service Executables, and DLL Hijacking.
Demonstrating two privilege escalation methods that relate directly to misconfigurations of the Windows Registry.
Sometimes privilege escalation is as easy as finding the administrator's password, and this lecture will show you some common locations and methods to search for passwords on a Windows system.
Scheduled tasks are hard to find, but if you find a script or program being run as part of a scheduled task, you may be able to escalate privileges.
Some GUI apps can be configured to run with admin privileges, and this can almost always lead to popping a shell running with admin privileges too.
Unlikely to occur on an exam or a CTF, the ability to create startup apps for administrator users can still be useful if you know that an admin will log in at some point.
Using everything you've learned so far in the course, it should be no problem identifying exploits for currently installed applications and using their exploit-db entries to escalate your privileges.
This spoofing attack works on older versions of Windows, but it is still worth knowing and seeing in action.
This lecture discusses Token Impersonation, a common method for escalating privileges when you have a shell running as a service account. This section covers the original Rotten Potato exploit, and demos the more recent Juicy Potato, Rogue Potato, and PrintSpoofer exploits.
Learn how to access internal Windows ports from your Kali VM using this plink.exe trick!
As a way of summarizing the course, this video suggests some useful strategies to follow when performing privilege escalation in a time-limited setting, such as an exam.
A look into Meterpreter's "getsystem" command, with explanations of Access Tokens, Named Pipes, and Token Duplication.
Explaining the concept of "Privileges" in Windows and how some assigned Privileges can be abused to escalate to an admin or SYSTEM user.
This course teaches privilege escalation in Windows, from basics such as how permissions work, to in-depth coverage and demonstrations of actual privilege escalation techniques. The course comes with a full set of slides (150+), and a script which can be used by students to create an intentionally vulnerable Windows 10 configuration to practice their own privilege escalation skills on. This is a 100% privilege escalation course, with absolutely no filler!
Please note that this course is aimed at students currently taking, or planning to take, the OSCP, and thus covers the more common forms of privilege escalation. Some extra methods are included, and more methods may be added in the future; however, this course was not designed to cover every possible (or obscure) method.