Windows Priv Escalation

Hello guys,
could you direct me to some boxes which contain Windows logical vulnerabilities? Im talking especially about "low hanging fruits", quite easy to find and relatively easy to exploit.
Im interested mostly in techniques included here:

https://troopers.de/downloads/troopers19/TROOPERS19_AD_Abusing_privileged_file_operations.pdf

especially with oplocks and symlinks combined.

Or maybe some other places where can I learn those methods?

Tagged:

Comments

  • About 66% of the windows boxes here fall into this category. It's difficult to say "box X uses Y for privesc" because that's a major spoiler.

    The most common ones are service exploitation, overly permissive ACLs and DLL side-loading type attacks.

    The rest are actually rare on HTB.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

Sign In to comment.