{"uuid": "1238b68a-d4a5-402d-b54e-ec89294864ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1388", "type": "published-proof-of-concept", "source": "https://t.me/toolslounge/599", "content": "Windows privesc\n\n\nIntroduction\nFuzzy Security Guide: https://www.fuzzysecurity.com/tutorials/16.html\n\nPayloadsAllTheThings: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md\n\nAbsolomb's Guide: https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/\n\nSushant 747's Guide: https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_windows.html\n\nGaining a Foothold\nmsfvenom: https://netsec.ws/?p=331\n\nExploring Automated Tools\nwinpeas: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS\n\nWindows Priv Esc Checklist: https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation\n\nSherlock: https://github.com/rasta-mouse/Sherlock\n\nWatson: https://github.com/rasta-mouse/Watson\n\nPowerUp: https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc\n\nJAWS: https://github.com/411Hall/JAWS\n\nWindows Exploit Suggester: https://github.com/AonCyberLabs/Windows-Exploit-Suggester\n\nMetasploit Local Exploit Suggester: https://blog.rapid7.com/2015/08/11/metasploit-local-exploit-suggester-do-less-get-more/\n\nSeatbelt: https://github.com/GhostPack/Seatbelt\n\nSharpUp: https://github.com/GhostPack/SharpUp\n\nEscalation Path: Kernel Exploits\nWindows Kernel Exploits: https://github.com/SecWiki/windows-kernel-exploits\n\nKitrap0d Info: https://seclists.org/fulldisclosure/2010/Jan/341\n\nMS10-059: https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS10-059\n\nEscalation Path: Passwords and Port Forwarding\nAchat Exploit: https://www.exploit-db.com/exploits/36025\n\nAchat Exploit (Metasploit): 
https://www.rapid7.com/db/modules/exploit/windows/misc/achat_bof\n\nPlink Download: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html\n\nEscalation Path: Windows Subsystem for Linux\nSpawning TTY Shell: https://netsec.ws/?p=337\n\nImpacket Toolkit: https://github.com/SecureAuthCorp/impacket\n\nImpersonation and Potato Attacks\nRotten Potato: https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/\n\nJuicy Potato: https://github.com/ohpe/juicy-potato\n\nGroovy Reverse Shell: https://gist.github.com/frohoff/fed1ffaab9b9beeb1c76\n\nAlternative Data Streams: https://blog.malwarebytes.com/101/2015/07/introduction-to-alternate-data-streams/\n\nEscalation Path: getsystem\ngetsystem Explained: https://blog.cobaltstrike.com/2014/04/02/what-happens-when-i-type-getsystem/\n\nEscalation Path: Startup Applications\nicacls Docs: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/icacls\n\nEscalation Path: CVE-2019-1388\nZeroDayInitiative CVE-2019-1388: https://www.youtube.com/watch?v=3BQKpPNlTSo\n\nRapid7 CVE-2019-1388: https://www.rapid7.com/db/vulnerabilities/msft-cve-2019-1388\n\nCapstone Challenge\nBasic Powershell for Pentesters: https://book.hacktricks.xyz/windows/basic-powershell-for-pentesters\n\nMounting VHD Files: \n\nCapturing MSSQL Creds: \n\nSource: https://github.com/Gr1mmie/Windows-Privilege-Escalation-Resources/blob/master/README.md", "creation_timestamp": "2021-09-28T02:31:01.000000Z"}