Enumeration & PE Quick Ref

Enumeration List
Quick Links

Understanding a users context is important as it decides the direction in which you can move. The link provides commands to collect information about the user's context.

Understanding the system is crucial to enumerate the possible ways Privilege Escalation can be achieved. The link privdes commands to collect information about the system.

You could have gained access as an user belonging to an administrator group but with UAC enabled. This gravely restricts your movement and the link here can help you get out of UAC.

Scan for unquoted service paths

Unquoted paths with relevant permissions can be used to exploit the application that is installed in that path. The exe can be replaced and app/system restarted to get privileged access.

Identify hijackable binaries

This can be a sub category of the previous method as this also involves replacing the binary of a service/application to gain a higher priviledged access. You will need to know the folders that you have access to but that application can run at a higher privilege.

Identify hijackable DLLs

This is a similar method to the previous two where we find replacable files that can help to elevate our privilege, except this involves a DLL. You need to find the DLL of an application that can be replaced and use it to elevate your privilege.

Check for vulnerable scheduled services

This is one of the easier methods as many users schedule tasks for binaries and scripts with improper permissions that can be misused to elevate privileges.

Last updated