Windows Privs

There are many privileges that one can use to escalate privileges:

SeAssignPrimaryTokenPrivilege

Similar to SeImpersonate

SeBackupPrivilege

Allows the user to have read access to any file. You may be limited to using the backup tools to access a file, but you can back the file up to a location you have access to.

SeCreateTokenPrivilege

Used to create a primary token.

SeDebugPrivilege

Can be used to adjust the memory of a process owned by any other account.

SeImpersonatePrivilege

Most service accounts have this privilege, which allows them to act like any other user.

  • JuicyPotato

  • PrintSpoofer

  • SweetPotato

  • RogueWinRM

SeLoadDriverPrivilege

Can load and unload drivers. https://www.tarlogic.com/blog/abusing-seloaddriverprivilege-for-privilege-escalation/

SeRestorePrivilege

This provides a user write access to anywhere on the system.

SeTakeOwnershipPrivilege

Allows the user to take ownership of any file or directory.

SeTcbPrivilege

Makes the user part of the trusted computing base.

Full priv esc using tokens cheatsheet: https://github.com/gtworek/Priv2Admin
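
To check which of the privileges above an account actually holds, the following added example (not part of the original page) parses saved `whoami /priv` output and reports the ones listed here. The sample output is constructed and the function names are hypothetical.

```python
import re

# Privileges named on this page, each with the page's one-line summary.
RISKY = {
    "SeAssignPrimaryTokenPrivilege": "similar to SeImpersonate",  # name as whoami prints it
    "SeBackupPrivilege": "read access to any file",
    "SeCreateTokenPrivilege": "create a primary token",
    "SeDebugPrivilege": "adjust memory of other accounts' processes",
    "SeImpersonatePrivilege": "act like any other user",
    "SeLoadDriverPrivilege": "load and unload drivers",
    "SeRestorePrivilege": "write access anywhere on the system",
    "SeTakeOwnershipPrivilege": "take ownership of any file or directory",
    "SeTcbPrivilege": "part of the trusted computing base",
}

# One table row: privilege name, free-text description, then the state.
ROW = re.compile(r"^(Se\w+Privilege)\s+(.*?)\s+(Enabled|Disabled)\s*$")

def parse_privs(text):
    """Return {privilege name: state} from `whoami /priv` table output."""
    held = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            held[m.group(1)] = m.group(3)
    return held

def audit(text):
    """Return (name, state, summary) for each held privilege this page lists."""
    # A Disabled privilege is still present in the token and its holder can
    # enable it, so it is reported as well; only absent privileges are skipped.
    held = parse_privs(text)
    return [(n, held[n], RISKY[n]) for n in sorted(held) if n in RISKY]

# Constructed sample shaped like a service account's `whoami /priv` output.
SAMPLE = """\
Privilege Name                Description                               State
============================= ========================================= ========
SeAssignPrimaryTokenPrivilege Replace a process level token             Disabled
SeChangeNotifyPrivilege       Bypass traverse checking                  Enabled
SeImpersonatePrivilege        Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege       Create global objects                     Enabled
"""

if __name__ == "__main__":
    for name, state, why in audit(SAMPLE):
        print(f"{name:30} {state:9} {why}")
```

Run it over output collected from service and application accounts to see where these privileges are assigned and can be trimmed.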
