Well, That Escalated Quickly…

Common Windows Privilege Escalation Vectors

Imagine this scenario: You’ve gotten a Meterpreter session on a machine (HIGH FIVE!), and you opt for running getsystem in an attempt to escalate your privileges… but what if that proves unsuccessful? Should you throw in the towel? Only if you’re a quitter… but you’re not, are you? You’re a champion!!! :)

In this post I will walk us through common privilege escalation techniques on Windows, demonstrating how to “manually” accomplish each task and discussing any related Metasploit modules. While most techniques are easier to exploit when escalating from Local Administrator to SYSTEM, improperly configured machines can certainly allow escalation from unprivileged accounts in the right circumstances.