Privilege Escalation - Enumeration (Part 1)

Privilege Escalation - Enumeration (Part 1)

Series -> A Beginner's Guide on Windows Privilege Escalation.

·

2 min read

Hi Readers My name is Sunain and this is Windows Privilege Escalation from my viewpoint. During this series, I will talk about many ways to escalate privileges on Windows-based machines.

You cannot defeat your enemy until you know who they are. ~ Anthony Horowitz

To escalate your privileges around the target you must know some fundamental information about the system environment, User, Network

There can be a lot of information available and it can be overwhelming at first glance

let me help you with what you can look for and how it can be helpful.

System enumeration

Systeminfo: this command will bombard some basic yet necessary details of the environment

Craft this command to extract some juicy information.

image.png

image.png

Hostname: simply displays the hostname portion of the full computer name of the computer.

image.png

wmic qfe: this command displays system patching information which can be helpful to know what kind of patches are installed and what was the last patch. / logicaldisk will show you information about disk drives

image.png

image.png

systeminfo
systeminfo | findstr /B /C:”OS Name” /C:”OS Version” /c:”SystemType” 
hostname
wmic qfe
wmic logicaldisk get caption,description,providername

User enumeration

whoami: It displays the username. this command has some interesting arguments providing some juicy information

image.png

whoami /priv: tells about user privileges

image.png

whoami /groups: Groups that the user belongs to

image.png

net user: All the users of the machine

image.png

net user : view information regarding particular user

image.png

net localgroup : view members list of any particular group

image.png

whoami
whoami /priv
whoami /groups
net user
net user <username>
net localgroup <Group name>

That's it for today we will continue Enumeration in the second part of this article

until then happy hacking!

Thank you for reading.

Signing off.