Enumeration & PE Quick Ref

Enumeration List	Quick Links
Collect User Information	Understanding a users context is important as it decides the direction in which you can move. The link provides commands to collect information about the user's context.
Collect System Informatio n	Understanding the system is crucial to enumerate the possible ways Privilege Escalation can be achieved. The link privdes commands to collect information about the system.
How to bypass UAC	You could have gained access as an user belonging to an administrator group but with UAC enabled. This gravely restricts your movement and the link here can help you get out of UAC.
Scan for unquoted service paths	Unquoted paths with relevant permissions can be used to exploit the application that is installed in that path. The exe can be replaced and app/system restarted to get privileged access.
Identify hijackable binaries	This can be a sub category of the previous method as this also involves replacing the binary of a service/application to gain a higher priviledged access. You will need to know the folders that you have access to but that application can run at a higher privilege.
Identify hijackable DLLs	This is a similar method to the previous two where we find replacable files that can help to elevate our privilege, except this involves a DLL. You need to find the DLL of an application that can be replaced and use it to elevate your privilege.
Check for vulnerable scheduled services	This is one of the easier methods as many users schedule tasks for binaries and scripts with improper permissions that can be misused to elevate privileges.

Enumeration List

Quick Links

Understanding a users context is important as it decides the direction in which you can move. The link provides commands to collect information about the user's context.

Collect System Informatio n

Understanding the system is crucial to enumerate the possible ways Privilege Escalation can be achieved. The link privdes commands to collect information about the system.

How to bypass UAC

You could have gained access as an user belonging to an administrator group but with UAC enabled. This gravely restricts your movement and the link here can help you get out of UAC.

Scan for unquoted service paths

Unquoted paths with relevant permissions can be used to exploit the application that is installed in that path. The exe can be replaced and app/system restarted to get privileged access.

Identify hijackable binaries

This can be a sub category of the previous method as this also involves replacing the binary of a service/application to gain a higher priviledged access. You will need to know the folders that you have access to but that application can run at a higher privilege.

Identify hijackable DLLs

This is a similar method to the previous two where we find replacable files that can help to elevate our privilege, except this involves a DLL. You need to find the DLL of an application that can be replaced and use it to elevate your privilege.

Check for vulnerable scheduled services

This is one of the easier methods as many users schedule tasks for binaries and scripts with improper permissions that can be misused to elevate privileges.

PreviousWindows Library Files NextEnumeration

Last updated 4 months ago