Windows privilege escalation via Misconfigured Services, Registry, SAM/SYSTEM files, User Impersonation
Hi readers, this is just another Windows privesc article. Here we will see how misconfigured services, writable registry keys and exposed SAM/SYSTEM files can be exploited to escalate privileges.
Some Windows learning prerequisites:
Types of groups in Windows:
- Regular groups, which have a stored membership list, e.g. Administrators, Users
- Pseudo groups, whose membership is assigned dynamically by the system based on how a principal is currently using the machine rather than kept as a member list, e.g. Authenticated Users, NT AUTHORITY\INTERACTIVE. They still appear in the access token and are matched by ACEs, so an ACE granting rights to Authenticated Users applies to every logged-on user.
Types of user accounts in Windows:
- User accounts, used by people to log on, e.g. Administrator (built in by default)
- Service accounts, used to run software services; they cannot be used for interactive logon, e.g. LocalService, NetworkService, LocalSystem
Access Control Lists (ACLs) hold the permission information for a securable object in Windows (files, registry keys, services, and so on). Each ACL consists of one or more Access Control Entries (ACEs); each ACE names a principal (a user or group SID), an access mask, and whether that access is allowed or denied. Misconfiguration-based privilege escalation usually comes down to an ACE that grants a low-privileged principal (or one of its groups) write-type rights over an object that a higher-privileged process relies on.
Note: the accesschk.exe binary used in the demonstration below is an older version. The latest version at the time of writing could not be used purely from the command line: it needs GUI access to accept the EULA because it lacks a working /accepteula option. For more details see https://xor.cat/2017/09/05/sysinternals-accesschk-accepteula/ . The usual workaround for Sysinternals tools is to pre-set the EULA acceptance flag in the registry (reg add HKCU\Software\Sysinternals\AccessChk /v EulaAccepted /t REG_DWORD /d 1 /f), which needs no GUI.
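The ACL/ACE model above, applied to services, is what accesschk automates. As an added example (not code from the original post, and not accesschk itself), the PowerShell script below reads each service's DACL via sc.exe sdshow, parses the SDDL with the .NET RawSecurityDescriptor class, and reports any allow ACE that grants one of the current token's SIDs (the user, regular groups, and pseudo groups such as Authenticated Users or INTERACTIVE) a right that lets the service be reconfigured or taken over. The right values are the standard winsvc.h constants; the function and variable names are my own.

```powershell
# Added example: find service ACEs that grant the current token dangerous rights.
# Assumes: run as the low-privileged user under test; sc.exe is on PATH.
# Note that in PowerShell plain "sc" is an alias for Set-Content, so sc.exe is used explicitly.

# Service access rights that allow changing or taking over a service (winsvc.h values).
$DangerousRights = @{
    SERVICE_CHANGE_CONFIG = 0x00000002   # change binPath, start type, account
    WRITE_DAC             = 0x00040000   # rewrite the DACL itself
    WRITE_OWNER           = 0x00080000   # take ownership, then rewrite the DACL
    GENERIC_WRITE         = 0x40000000
    GENERIC_ALL           = 0x10000000
    SERVICE_ALL_ACCESS    = 0x000F01FF
}

# Every SID the current token carries: the user plus all groups, including pseudo groups
# such as Authenticated Users (S-1-5-11), INTERACTIVE (S-1-5-4) and Everyone (S-1-1-0).
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$tokenSids = @($identity.User.Value) + @($identity.Groups | ForEach-Object { $_.Value })

function Get-ServiceDacl {
    param([string]$Name)
    # sc.exe sdshow prints the service security descriptor in SDDL form ("D:(A;;...)...").
    # Services whose descriptor we cannot read print an error instead, which the filter drops.
    $sddl = (& sc.exe sdshow $Name | Where-Object { $_ -match '^D:' }) -join ''
    if (-not $sddl) { return $null }
    (New-Object System.Security.AccessControl.RawSecurityDescriptor($sddl)).DiscretionaryAcl
}

function Find-WeakServiceAces {
    $results = foreach ($svc in Get-Service) {
        $dacl = Get-ServiceDacl -Name $svc.Name
        if (-not $dacl) { continue }
        foreach ($ace in $dacl) {
            # Only allow ACEs carrying a SID and mask are interesting; deny ACEs win over allows.
            if ($ace -isnot [System.Security.AccessControl.KnownAce]) { continue }
            if ($ace.AceType -ne [System.Security.AccessControl.AceType]::AccessAllowed) { continue }
            if ($tokenSids -notcontains $ace.SecurityIdentifier.Value) { continue }

            # Which of the dangerous rights are fully present in this ACE's access mask?
            $granted = $DangerousRights.GetEnumerator() |
                Where-Object { ($ace.AccessMask -band $_.Value) -eq $_.Value } |
                ForEach-Object { $_.Key }
            if (-not $granted) { continue }

            # Resolve the SID to a name where possible; keep the raw SID otherwise.
            $principal = try {
                $ace.SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value
            } catch { $ace.SecurityIdentifier.Value }

            [pscustomobject]@{
                Service   = $svc.Name
                Principal = $principal
                Rights    = ($granted -join ',')
                Mask      = ('0x{0:X8}' -f $ace.AccessMask)
            }
        }
    }
    $results
}

Find-WeakServiceAces | Format-Table -AutoSize
```

A hit with SERVICE_CHANGE_CONFIG means the current user can point the service's binPath at a binary of their choosing; WRITE_DAC or WRITE_OWNER means they can grant themselves that right first. Whether the hit is actually exploitable also depends on the account the service runs as (check the ObjectName in the service configuration) and on whether the user can start or restart the service, which this script does not evaluate.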