OSCP Notes

General

Windows privesc in brief

  1. Stored Credentials

  2. Windows Kernel Exploit

  3. DLL Injection

  4. Unattended Answer File

  5. Insecure File/Folder Permissions

  6. Insecure Service Permissions

  7. DLL Hijacking

  8. Group Policy Preferences

  9. Unquoted Service Path

  10. Always Install Elevated

  11. Token Manipulation

  12. Insecure Registry Permissions

  13. Autologon User Credential

  14. User Account Control (UAC) Bypass

  15. Insecure Named Pipes Permissions

  16. Scheduled task

Common technique


Last updated 3 years ago

Videos (YouTube):
WPE-01 - Stored Credentials
WPE-02 - Windows Kernel
WPE-03 - DLL Injection
WPE-04 - Weak Service Permissions
WPE-05 - DLL Hijacking
WPE-06 - Hot Potato
WPE-07 - Group Policy Preferences
WPE-08 - Unquoted Service Path
WPE-09 - Always Install Elevated
WPE-10 - Token Manipulation
WPE-11 - Secondary Logon Handle
WPE-12 - Insecure Registry Permissions
WPE-13 - Intel SYSRET