@dumpmycode
Last active January 22, 2026 09:19
Windows Privilege Escalation notes

First, get more info on the system.

  • systeminfo, whoami /priv*, set or echo %username%

    • check for hotfixes, OS name, version, architecture, environment variables and system (VM). Then look for vulnerabilities that apply to that system.
  • reg query HKLM /f password /t REG_SZ /s, wmic or sc query

    • check the PS version, and see if we can run reg query, wmic or sc commands for further info on the system.

*Privilege escalation by abusing token privileges (foxglovesecurity blog). Privileges required to escalate:

  • SeImpersonatePrivilege
  • SeAssignPrimaryTokenPrivilege
  • SeTcbPrivilege
  • SeBackupPrivilege
  • SeRestorePrivilege
  • SeCreateTokenPrivilege
  • SeLoadDriverPrivilege
  • SeTakeOwnershipPrivilege
  • SeDebugPrivilege
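
Added example, not part of the original notes: a small Python triage helper that parses saved `whoami /priv` output and reports which of the privileges listed above an account holds, for auditing service accounts. The sample output is constructed, the function names are hypothetical, and the parser assumes the English-locale column layout.

```python
import re

# Privileges the notes list as abusable for token-based escalation.
# whoami /priv prints the second one as SeAssignPrimaryTokenPrivilege.
RISKY = {
    "SeImpersonatePrivilege", "SeAssignPrimaryTokenPrivilege", "SeTcbPrivilege",
    "SeBackupPrivilege", "SeRestorePrivilege", "SeCreateTokenPrivilege",
    "SeLoadDriverPrivilege", "SeTakeOwnershipPrivilege", "SeDebugPrivilege",
}

# One table row: name, free-text description, then the State column.
ROW = re.compile(r"^(Se[A-Za-z]+Privilege)\s+.*?\s+(Enabled|Disabled)\s*$")

def parse_privs(text):
    """Return {privilege_name: state} from `whoami /priv` text output."""
    privs = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            privs[m.group(1)] = m.group(2)
    return privs

def flag_risky(text):
    """Return sorted (name, state) pairs for held privileges in RISKY.
    Disabled entries are still reported: the token holder can enable them."""
    return sorted((n, s) for n, s in parse_privs(text).items() if n in RISKY)

# Constructed sample of what a service account's output might look like.
SAMPLE = """\
PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                               State
============================= ========================================= ========
SeAssignPrimaryTokenPrivilege Replace a process level token             Disabled
SeIncreaseQuotaPrivilege      Adjust memory quotas for a process        Disabled
SeChangeNotifyPrivilege       Bypass traverse checking                  Enabled
SeImpersonatePrivilege        Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege       Create global objects                     Enabled
"""

if __name__ == "__main__":
    for name, state in flag_risky(SAMPLE):
        print(f"{name:32} {state}")
```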

Items to explore:

  • deleting advanced command line logging in Windows
  • port redirection
  • ways to exfil data in windows