Assignment #1 | Assigments | RED TEAM Operator: Privilege Escalation in Windows Course | Products | SEKTOR7 Institute

Assignment #1

Assignment #1

Find another privilege escalation, from non-Admin Medium IL to Admin running in High IL.

Hint #1: You need local admin password found in Credentials module
Hint #2: You don't need to create any custom tool
Hint #3: It's not anyhow complex attack. It's the opposite - super easy. Just look at a process list...

Good luck!

RED TEAM Operator: Privilege Escalation in Windows Course

Buy nowLearn more

Intro and Setup

Introduction to Windows Security

Intro Addendum

Course VM Setup

RTO-LPE.ova

RTO-LPE.zip

Credentials

"Low Hanging Passwords"

"The X Files" - Interesting Files

"Swimming in Hives" - Registry

"A Boss with Creds" - Abusing Credential Manager

"The King is Naked" - Robbing Credential Manager

"A Thief" - Asking User for Creds

Unsecured Objects

"Boundless Servant" - Unsecured Service [1]

"Lonely Vassal"- Unsecured Service [2]

"Hornets' Nest"- Unsecured Service [3]

Execution Flow Hijacking

"Folding Papers"- Unsecured File System

"Hi Jack, Show Me THE WAY" - Exploiting PATH

"Closed. No Service" - Missing Service

"Jobless" - Missing Task

"Library Has Fallen" - DLL Hijacking

"You Ain't Corner Me" - UACME

Getting SYSTEM

"! NeverRemoveDepressed" - AlwaysInstallElevated Hack

"Hi, Sis!" - New Service for SYSTEM

"Nick Has a Leak: Prelude" - Leaked HANDLE [1]

"Nick Has a Leak: Demon" - Leaked HANDLE [2]

"Nick Has a Leak: Sequel" - Leaked HANDLE [3]

"Chip & Dance: Prologue" - Abusing Tokens [1]

"Chip & Dance Show" - Abusing Tokens [2]

"Broken Calumet: Overture" - Exploiting Named Pipes [1]

"Broken Calumet Exposed" - Exploiting Named Pipes [2]

Assigments

Assignment #1

Assignment #2

Assignment #3

Summary

Your Feedback

Course Closing Information