Hacking Notes
  • Hacking Notes
  • Penetration Testing Methodology
    • Host Discovery
    • Information Gathering
    • Exploit Research
    • Exploit Development
    • Exploit Testing
    • Exploiting
    • Information Gathering
    • Privilege Escalation
  • Shells
    • Reverse Shell Cheat Sheet
    • Bind Shell Cheat Sheet
    • Webshells
    • C Shell
  • Stuck?
  • LICENSE
  • Windows
    • Windows Information Gathering
    • Windows PrivEsc
      • Method
      • PE Scripts
      • Potatos
      • Windows Privs
    • Transferring Files
    • Active Directory
      • ad-attacks
      • auth-enumeration
      • unauth-enumeration
      • authentication-delegation
      • reference
      • Kerberos
        • Authentication Delegation
      • mind-map
    • LNK Files
    • SCF Files
    • Compile Code
    • Tips & Tricks
  • Linux
    • Linux OS Information Gathering
    • Linux PrivEsc
      • methodology
      • Privilege Escalation Scripts
        • LinEnum
    • Hosting Files
    • Linux File System
    • Scheduling Jobs
    • POSIX
      • Scripting
      • Notes
  • Web Application Testing
    • Methodology
    • Enumeration
    • Attacks
      • SQLi
      • File Inclusion
      • Directory Traversal
      • Cross-Site Scripting
      • Login Forms
      • Content Injection
      • XSS
    • Assessment Tools
      • ZAP
      • ffuf
      • Nikto
      • wpscan
      • zap
    • Wordpress
      • wpscan
    • Apache
    • Nostromo
  • Services
    • Services
      • Active Directory Administration
      • Cups
      • DFSR
      • DHCP Client
      • DHCP Server
      • DNS
      • FTP
      • HTTP
      • HTTP(S)
      • IIS
      • Imap Encrypted
      • IMAP
      • IPsec
        • Kerberos
        • LDAP
        • ldaps
        • MSRPC
        • MSSQL
        • MySQL
        • Netbios Datagram Service
        • Netbios Name Service
        • Netbios Session Service
        • NFS
        • NNTP
        • NTP
        • Oracle
        • POP3
        • POP3 Encrypted
        • RDP
      • Redis
        • RFSP
        • RPCbind / Portmapper
        • RSIP
        • RTSP
      • RSYNC
        • SMB
        • SMTP
        • SNMP
        • SSH
        • Telnet
        • TFTP
        • VNC
      • VNC Remote Desktop
      • VNC Web Interface
        • WinRM
      • Wins
  • Containers
    • Docker
  • Buffer Overflow
    • Buffer Overflow
    • win32
  • Tools
    • Windows
      • chisel
      • mimikatz
      • mssqlclient.py
      • plink
      • psexec.py
      • smbeagle
      • winexe
    • Linux
      • chisel
      • evil-winrm
      • exiftool
      • Impacket
        • GetADUsers
        • GetNPUsers
        • getST
        • getTGT
        • GetUserSPNS
        • secretsdump
        • smbclient
        • wmiexec
      • jd-gui
      • ldapsearch
      • strings
      • smbeagle
      • Helpful Sites
  • Misc
    • Tunneling
    • Cryptography
    • Regex
    • Tools to Checkout
  • Password Cracking
    • Hashcat
    • John The Ripper
  • Tunneling
    • Tunnels
  • Web3
    • Introduction
    • Audit Process
    • Report Writing
    • List of Tools
    • Web3 References
Powered by GitBook
On this page
  • SeAssignPrimaryPrivilege
  • SeBackupPrivilege
  • SeCreateTokenPrivilege
  • SeDebugPrivilege
  • SeImpersonatePrivilege
  • SeLoadDriverPrivilege
  • SeRestorePrivilege
  • SeTakeOwnershipPrivilege
  • SeTcbPrivilege

Was this helpful?

  1. Windows
  2. Windows PrivEsc

Windows Privs

There are many privileges that one can use to escalate privileges:

SeAssignPrimaryPrivilege

Similar to SeImpersonate

SeBackupPrivilege

Allows the user to have read access to any file. You may be limited to using the backup tools to access a file but you can back the file up to a location you have access to.

SeCreateTokenPrivilege

Used to create aprimary token

SeDebugPrivilege

Can be used to adjust the memory of a process owned by any other account.

SeImpersonatePrivilege

Most service accounts have this privilege which allows them to act like any other user.

  • JuicyPotato

  • PrintSpoofer

  • SweetPotato

  • RogueWinRM

SeLoadDriverPrivilege

SeRestorePrivilege

This provides a user write access to anywhere on the system.

SeTakeOwnershipPrivilege

Allows the user to take ownership of any file or directory.

SeTcbPrivilege

Makes the user part of the trusted computer base.

PreviousPotatosNextTransferring Files

Last updated 3 years ago

Was this helpful?

Can load and unload drivers.

Full priv esc using tokens cheatsheet:

https://www.tarlogic.com/blog/abusing-seloaddriverprivilege-for-privilege-escalation/
https://github.com/gtworek/Priv2Admin