Privilege Escalation(Windows)
WINDOWS-SPECIFIC PRIVILEGE ESCALATION
- Cpassword - Group Policy Preference attribute that contains passwords
- SYSVOL folder of the Domain Controller (encrypted XML)
- Clear text credentials in LDAP(Lightweight Directory Access Protocol)
- Kerberoasting - Domain users can query Kerberos tickets for other users
- Credentials in LSASS(Local Security Authority Subsystem Service)
- Enforces security policy
- Unattended installation
- PXE (Preboot Execution Environment) credentials
- SAM database (Security Account Manager)
- Database that contains user passwords
- DLL hijacking (Dynamic Link Library)
- Forcing a loader to load a malicious DLL
QUICK REVIEW
- Cpassword and LDAP credentials may contain valuable credentials
- PXE(Preboot Execution Environment) credentials can be used to access system as an authorized user
- DLL hijacking is an attack vector that could allow an attacker to load malware