Privilege escalation checks on Windows involve examining various aspects of the system and its configuration to identify potential vulnerabilities or misconfigurations that could be exploited to elevate privileges.

Labs

• THM: Windows PrivEsc Arena

• THM: Windows PrivEsc

• THM: Bypassing UAC

Tools and Checklists

Here are some common tools and checks used for privilege escalation on Windows systems:

• WinPEAS.exe

• beRoot.exe

• Watson.exe / Invoke-Watson.ps1

• Moriarty.exe

• PowerUp.ps1

• UAC Bypass

• Windows Exploit Suggester - Next Generation (WES-NG)

WinPEAS

Windows Privilege Escalation Awesome Scripts

• https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS

• Invoke-WinPEAS

UACME

UAC Bypass

• https://github.com/yuyudhn/UACME-bin

• https://github.com/hfiref0x/UACME

PowerUp

PowerUp.ps1 is a program that enables a user to perform quick checks against a Windows machine for any privilege escalation opportunities. It is not a comprehensive check against all known privilege escalation techniques, but it is often a good place to start when you are attempting to escalate local privileges.

• PowerUp.ps1

• Advanced PowerUp.ps1 Usage

• HackTricks: PowerUp