Personal Blog
Home
About
Education
Projects
Posts
Docs
Tags
Achat
Aclpwn
Active Directory
Ad-Recycle
Adb
Adcs
Addkeycredentiallink
Adm
Adminer
Aes
Ajenti
Alternative-Data-Streams
Alwaysinstallelevated
Amsi
Android
Android-Burp
Android-React-Native
Ansible
Ansible-Playbook
Apache
Api
Api-Monitor
Apk
Apktool
Apparmor
Applocker
Appport-Unpack
Apt
Apt-Pre-Invoke
Arbitrary-Read
Arbitrary-Write
Arftracksat
As-Rep-Roast
Asar
Aslr
Aslr-Brute-Force
Asp
Aspx
Attacking Services
Aureport
Auth-Bypass
Authorized-Keys
Authorizedkeyscommand
Autologon
Autologon-Credentials
Autorunscript
Aws
Awscli
Azure
Azure-Active-Directory
Azure-Connect
Azure-Devops
Azure-Pipelines
Baron-Samedit
Base64
Bash
Bash-Builtins
Bash-Test
Bash.exe
Bashbug
Bgp-Hijack
Blindsqli
Bloodhound
Bloodhound-Py
Bloodhound-Python
Bloudhound-Python
Bludit
Bof
Bookingpress
Bookmark
Boolean-Based-Sqli
Brainfuck
Bruteforce
Bsondump
Bundler
Burp
Cached-Creds
Cacti
Cadaver
Capabilities
Capcom-Sys
Capsh
Cef-Debugging
Certificate
Certificate-Authority
Certify
Certipy
Certsrv
Cewl
Cgi
Chattr
Chisel
Chm
Chmod
Chrome
Chrome-Debug
Chromeos
Cicd
Cisco
Cisco-Type-7
Client-Certificate
Cms
Cmsms
Cockpit
Code-Analysis
Coldfusion
Command-Injection
Constrained-Language-Mode
Container
Cookies
Copy-Filesepackupprivilege
Core-Dump
Couchdb
Cp
Cpio
Crackmapexec
Crackstation
Crash-Dump
Credentials
Cron
Crypto
Csrf
Cups
Curl
Cutenews
Cve"-2022-0739"
Cve-2010-0832
Cve-2012-5519
Cve-2014-6271
Cve-2014-6287
Cve-2015-6668
Cve-2015-6967
Cve-2016-0099
Cve-2016-10709
Cve-2016-1960
Cve-2017-0199
Cve-2017-0213
Cve-2017-12635
Cve-2017-16995
Cve-2017-5899
Cve-2017-7269
Cve-2017-9101
Cve-2018-1133
Cve-2018-12613
Cve-2018-17246
Cve-2019-12744
Cve-2019-12840
Cve-2019-14287
Cve-2019-17671
Cve-2019-18818
Cve-2019-19609
Cve-2019-5736
Cve-2019-6447
Cve-2019-7304
Cve-2019-9193
Cve-2020-10977
Cve-2020-14321
Cve-2020-25627
Cve-2020-7247
Cve-2021-1675
Cve-2021-27928
Cve-2021-29447
Cve-2021-3156
Cve-2021-32099
Cve-2021-34527
Cve-2021-3560
Cve-2021-4034
Cve-2021-41091
Cve-2021-41103
Cve-2022-22963
Cve-2022-25765
Cve-2022-28468
Cve-2022-30190
Cve-2022-46169
Cve-2023-0386
Cve-2023-22809
Cyberchef
Cypher
Cypher-Injection
Davtest
Dcsync
Debian
Debug
Decompile
Defender
Defender-Bypass-Directory
Delegations
Deobfuscation
Des
Deserialization
Devops
Dig
Directory-Traversal
Dirty-Sock
Dirtycow
Diskshadow
Dive
Django
Dns
Dnsadmins
Dnscmd
Dnsenum
Dnspy
Dnstool
Doas
Docker
Docker Escape
Docker-Group
Docker-Mount
Docker-Tar
Docker-Toolbox
Domain-Controller
Dompdf
Dotdotpwn
Dotnet
Dotnet-Deserialization
Dpapi
Driver
Droopescan
Drupal
Drupalgeddon2
Drupalgeddon3
Dstat
Dynamic-Dns
Dynamic-Reversing
Dynamodb
Easy-Install
Ebooks-Download
Ebowla
Elasticsearch
Elastix
Electron
Employee-Management-System
Enum4linux
Eoploaddriver
Es-File-Explorer
Eternalblue
Evil-Winrm
Evilwinrm
Evolution
Excel
Execute-After-Redirect
Exiftool
Exim
Explodingcan
Exploit
Exploit-Db
Exploitdb
Express
Express-Nunchucks
Extended-Attributes
Facl
Fail2ban
Fastapi
Fcrackzip
Feroxbuster
Ffuf
File Transfers
File-Read
Filezilla
Filter
Finger
Firefox
Firefox-Certificate
Firepwd
Firewall
Flask
Flask-Debug
Flask-Debug-Pin
Flite
Folina
Footprinting and Enumeration
Forcechangepassword
Forward-Shell
Freebsd
Ftp
Gdb
Gdb-Remote
Gdbserver
Genericall
Genericwrite
Genymotion
Getfacl
Getnpusers
Getuserspns
Ghidra
Git
Git-Bucket
Git-Hooks
Gitdumper
Gitea
Github
Gitlab
Gmsa
Gmsadumper
Go
Gobuster
Gogs
Golden-Ticket
Goldenpac
Gpg
Gpg2john
Gpp
Gpp-Decrypt
Gpp-Password
Grafana
Graphql
Groups
Gtfobin
Gtfobins
Guestmount
H2
Hackerone
Hacktricks
Hashcat
Hashcat-Rules
Hastcat
Heartbleed
Helpdeskz
Herokuapp
Hexchat
Hfs
Hidepid
Hive-Nightmare
Host-Manager
Hta
Htaccess
HTB
Htpasswd
Http-Header
Httpfileserver
Hydra
Hyper-V
Hyperion
Icacls
Ida
Idor
Iex
Ifcfg
Iis
Ike
Ike-Scan
Image-Magick
Imap
Impacket
Impacket-Mssqlclient
Impacket-Secretsdump
Impacket-Smbpasswd
Impacket-Smbserver
Initctl
Initrd
Injection
Installutil
Invoke-Nightmare
Ipc
Ipmi
Ipmipwner
Ipsec
Iptables
Ipv6
Irb
Irc
Jar
Java
Java-Spring
Javascript
Jd-Gui
Jdb
Jdwp
Jenkins
Jenkins-Credential-Decryptor
Jetdirect
Jetty
Jinja2
John
Joomla
Journalctrl
Jq
Js
Jsnice
Json
Json-Deserialization
Json.net
Jsp
Juicypotato
Jupyter-Notebook
Jwdp-Shellifier
Jwt
Jwt Pyjwt Express
Jwt-Io
Karmic
Keepass
Kerberoast
Kerberos
Kerbrute
Keytab
Kibana
Kinit
Klist
Knife
Kpcli
Krbrelay
Krbrelayup
Kubectl
Kubeletctl
Kubernetes
Laps
Laravel
Latex
Ldap
Ldapdomaindump
Ldapsearch
Lfi
Ligolo-Ng
Linenum
Linpeas
Linux Privilege Escalation
Local_exploit_suggester
Localstack
Log-Poisoning
Logon-Script
Logstash
Lolbas
Lonelypotato
Lookupsid
Lookupsids
Lsattr
Lua
Luvit
Lxc
Lxd
Machine-Account
Macros
Magento
Mail-Poisoning
Marshalsec
Mass-Assignment
Mattermost
Maven
Mbox
Mdbtools
Memcached
Metasploit
Meterpreter
Mibs
Mimikatz
Mimikittenz
Minikube
Mobile Pentesting
Mongo
Mongodb
Mongodump
Moodle
Moodle-Plugin
Motd
Mount
Mremoteng
Ms-Ds-Machineaccountquota
Ms08-067
Ms10-051
Ms10-095
Ms11-046
Ms14-058
Ms14-068
Ms15-051
Ms16-014
Ms16-032
Ms17-010
Msbuild
Msfconsole
Msfvenom
Msgconvert
Msi
Msmtprc
Msoffice
Mssql
Mssql-Shell
Mssqlclient
Mssqlproxy
Mutt
Mutual-Authentication
Mysql
Mysql-File-Write
Mysqldump
Nano
Neo4j
Net-Ntlmv2
Net-Use
Netbsd
Netpgp
Network Pentesting
Nfs
Nginx
Nginx-Aliases
Nishang
Nmap-Over-Proxy
No-Ip
Node-Serialize
Nodejs
Nodered
Noexec
Nosql
Nosql-Auth-Bypass
Nosql-Injection
Nostromo
Nsclient++
Nslookup
Nsupdate
Ntds
Ntlm-Http
Ntlm-Theft
Ntpdate
Nvms-1000
Oauth
Obfuscation
Ocr
Odat
Off-by-Slash
Office
Olevba
Onesixtyone
Ook!
Openemr
Opennetadmin
Opensmtpd
Openssl
Openssl-Bruteforce
Openvpn
Oracle
Orchard-Cms
OSINT
Out-Minidump
Overflow
Package
Pam-Wordle
Pandora-Fms
Papercut
Parameter-Injection
Pass-the-Hash
Passbolt
Passenger
Passpie
Passthehash
Passwd
Password-Reuse
Password-Spray
Path-Hijack
Pattern-Create
Payloadsallthethings
Pbx
Pcap
Pd4ml
Pdf
Pdfdetach
Pdfkit
Pdftex
Penglab
Perl
Pfsense
Pfx2john
Pgp
Phantom-Js
Phar
Phishing
Photorec
Php
Php Injection
Php-8.1.0-Dev
Php-Backdoor
Php-Deserialization
Php-Disable-Functions
Php-Filter
Php-Filter-Injection
Php-Proc_open
Phpggc
Phpmyadmin
Phusion
Pickle
Pihole
Ping-Sweep
Pip
Pipeline
Pivot
Pivoting, Tunneling and Port Forwarding
Pkg
Pkinittools
Playsms
Plex
Portable-Kanban
Postfix
Postgresql
Potato
Powermad
Powershell
Powershell-Configuration
Powershell-Credentials
Powershell-History
Powershell-Run-As
Powershell-Runas
Powershell-Web-Access
Powersploit
Powerup
Powerview
Preg_replace
Printer
Printnightmare
Privesccheck
Proc
Procdump
Process-Architechure
Procmon
Projects
Proxychains
Prtg
Psbypassclm
Psexec
Psexec-Py
Pspy
Psql
Pstranscript
Psy
Pwk
Pwn
Pwn-Jenkins
Pwn.college
Pwndbg
Pwnkit
Pwntools
Pycdc
Pyinstaller
Pyinstxtractor
Pyjwt
Pylnker
Pypi
Pypykatz
Python
Python-Eval
Python-Injection
Python-Library-Hijack
Python-Path
Python-Re
Python-Venv
Python2-Input
Pywhisker
Qemu
Qrcode
Race-Condition
Rakp
Raspberrypi
Rbash
Rbcd
Rcpclient
React-Native
Readgmsapassword
Readpst
Redis
Regex
Registry
Remmina
Responder
Ret2libc
Reverse-Engineering
Rfi
Rid
Rocket-Chat
Roguepotato
Rop
Rottenpotato
Roundcube
Rpc
Rpc-Password-Reset
Rpcclient
Rss
Rtf
Rubeus
Ruby
Run-As
Runas
Runascs
Runc
S3
Samba
Sattrack
Scf
Scheduled-Task
Screen
Screenshare
Scriptreplay
Sddl
Searchor
Searchsploit
Sebackupprivilege
Seclists
Second-Order-Sqli
Secretsdump
Seeddms
Seimpersonate
Selenium
Selinux
SeLoadDriverPrivilege
Serestoreprivilege
Server-Operators
Serverside-Xss
Service
Service-Hijack
Session-Poisoning
Setup-Py
Shadow
Shadow-Credential
Shadow-Credentials
Shadow-Simulation
Shared-Object
Sharepoint
Sharp-Collection
Sharphound
Sharpwsus
Shellcode
Shells and Payloads
Shellshock
Sherlock
Showmount
Silver-Ticket
Simple-Modify-Headers
Sirep
Skipfish
Smb
Smbclient
Smbmap
Smbserver
Smevk
Smtp
Smtp-User-Enum
Snap
Snapcraft
Snmp
Snmp-Brute
Snmpbulkwalk
Snmpwalk
Socat
Source-Code
Spice
Splunk
Splunk-Whisperer2
Spring-Cloud-Function-Spel-Injection
Spring-Cloud-Function-Web
Springboot
Sqlcmd
Sqli
Sqli Injection
Sqli-Bypass
Sqli-File
Sqli-Union
Sqlite
Sqlmap
Sqlplus
Squid
Ssh
Ssh-Keygen
Sslscan
Ssrf
Ssti
Steganography
Steghide
Stickynotes
Strapi
Stretch
Strongswan
Su
Subdomain
Sudo
Sudoedit
Sudoers
Suid
Supervisor-Process-Manager
Supervisord
Svn
Svwar
Swagger
Swaks
Systemctl
Systeminfo
Tamper
Tar
Tcpdump
Teamviewer
Telnet
Tesseract
Testdisk
Text2speech
Tftp
Thymeleaf
Ticketer
Tightvnc
Tiny-File-Manager
Tmux
Tomcat
Tomcat-Manager
Torrent-Hoster
Tunnel
Ubuntu
Udp
Umbraco
Unicode
Unifivideo
Upload
Uri-Parsing
Usbcreator
User-Agent
Username-Anarchy
Uvicorn
Var-Crash
Vault-Project
Vba
Vbs
Vhd
Vhost
Vhosts
Vim
Visual-Studio
Visualstudio
Volatility
Vsftpd
Vss
Waf
War
Wasm
Wasm-Fiddle
Watson
Web Attacks
Web-Config
Webassembly
Webdav
Webmail
Webmin
Webshell
Websocket
Websocket-Sqli
Werkzeug
Werkzeug-Debug
Wfuzz
Whisker
Wildcard
Windows
Windows Privilege Escalation
Windows-Device-Portal
Windows-Exploit-Suggester
Windows-Firewall
Windows-Iot-Core
Windows-Service
Winlogon
Winpeas
Winrm
Winrm-Keys
Wireshark
Wmiexec
Wordpress
Wordpress-Plugin
Wp-Job-Manager
Wpad
Wpscan
Writeowner
Wscat
Wsl
Wsus
X11
X64dbg
Xampp
Xauthority
Xp
Xp-Cmdshell
Xp-Dirtree
Xss
Xxd
Xxe
Yaml
Yaml-Deserialization
Yaml-Payload
Ysoserial.net
Zabbix
Zip2john
Zone-Transfer
[Pentesting] Windows Privilege Escalation
This section will contain Windows Privilege Escalation notes and materials.
The links to notes and materials will be added in future…
Windows Privilege Escalation