Local Privilege Escalation
The CRTP exam consists of 5 target servers in addition to a foothold student machine. The goal is to get OS-level command execution on all 5 targets, no matter what the privileges of the user.
Vectors
There are various ways of locally escalating privileges on a Windows box:
Missing patches
Automated deployment and AutoLogon passwords in clear text
AlwaysInstallElevated (Any user can run MSI as SYSTEM)
Misconfigured Services
DLL Hijacking and more
NTLM Relaying a.k.a. Won't Fix
This guide offers a sufficiently comprehensive overview of the course material for local privilege escalation.
Tools
PowerUp
WinPEAS
Privesc
Automated checks
Services
Find vulnerable service configuration
Add domain user to the local Administrators group