Privilege escalation techniques on Windows: exploit insecure file permissions on the binaries of services that run as NT AUTHORITY\SYSTEM. If a low-privileged user can overwrite such a binary, whatever replaces it runs as SYSTEM the next time the service starts.
List all running services, including the account each one runs under (the `Where-Object` must stay on the same line as the rest of the pipeline in Windows PowerShell 5.1; a line that starts with `|` is a syntax error there):

```powershell
Get-WmiObject win32_service | Where-Object {$_.State -like 'Running'} | Select-Object Name, State, StartName, PathName
```
Check permission on a file
If there are interesting (custom, non-Microsoft) services, check whether we can overwrite the executable. See the official Microsoft documentation for icacls. The simple rights it prints are:
- F – Full access
- M – Modify access
- RX – Read and execute access
- R – Read-only access
- W – Write-only access

Any `F`, `M` or `W` entry for your own user, `Everyone`, `BUILTIN\Users` or `NT AUTHORITY\Authenticated Users` on a binary that runs as SYSTEM is a candidate. Remember that the replaced binary only runs after the service restarts, so you also need stop/start rights on the service (or a reboot).

```powershell
icacls "C:\Program Files\<some file>"
```
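The two steps above combined into one script, as an added example that is not part of the original note: it enumerates running services that start as LocalSystem, extracts the binary path from `PathName` (which may be quoted and may carry arguments), and reports any binary whose ACL grants write, delete, WriteDAC, take-ownership or generic write/all rights to the current user or one of its groups. `Get-ServiceBinaryPath` and `Find-WritableSystemServiceBinary` are names chosen here, not built-in cmdlets; the script assumes a standard Windows host and only uses `Get-CimInstance`, `Get-Acl` and .NET identity classes.

```powershell
# Added example, not from the original note. Run as the low-privileged user you are testing from.

# Rights that let us replace or re-ACL the file. Values are the raw FileSystemRights /
# generic-access bits, so that inherited entries reported as GENERIC_* are also caught.
$script:WriteMask = 0x2 -bor 0x4 -bor 0x10 -bor 0x100 -bor   # WriteData, AppendData, WriteEA, WriteAttributes
                    0x10000 -bor 0x40000 -bor 0x80000 -bor   # Delete, WriteDAC, TakeOwnership
                    0x40000000 -bor 0x10000000               # GENERIC_WRITE, GENERIC_ALL

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # "C:\Program Files\x\svc.exe" -arg  -> C:\Program Files\x\svc.exe
    if ($PathName -match '^"([^"]+)"') { return $Matches[1] }
    # C:\Windows\system32\svchost.exe -k netsvcs -> C:\Windows\system32\svchost.exe
    if ($PathName -match '^(.+?\.exe)') { return $Matches[1] }
    return $PathName.Trim()
}

function Find-WritableSystemServiceBinary {
    # Principals the current token carries: the user plus every group SID we can translate.
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principals = @($me.Name) + @($me.Groups | ForEach-Object {
        try { $_.Translate([System.Security.Principal.NTAccount]).Value } catch { $null }
    } | Where-Object { $_ })

    Get-CimInstance Win32_Service |
        Where-Object { $_.State -eq 'Running' -and $_.StartName -eq 'LocalSystem' } |
        ForEach-Object {
            $svc = $_
            $exe = Get-ServiceBinaryPath $svc.PathName
            if (-not (Test-Path -LiteralPath $exe)) { return }

            $acl = Get-Acl -LiteralPath $exe
            # A matching Deny entry wins over Allow entries; skip files with one.
            $denied = $acl.Access | Where-Object {
                $_.AccessControlType -eq 'Deny' -and $principals -contains $_.IdentityReference.Value -and
                ($_.FileSystemRights.value__ -band $script:WriteMask)
            }
            if ($denied) { return }

            $writable = $acl.Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and $principals -contains $_.IdentityReference.Value -and
                ($_.FileSystemRights.value__ -band $script:WriteMask)
            }
            if ($writable) {
                [pscustomobject]@{
                    Service = $svc.Name
                    Binary  = $exe
                    Rights  = ($writable | ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }) -join '; '
                }
            }
        }
}

Find-WritableSystemServiceBinary | Format-Table -AutoSize
```

Confirm each hit manually with `icacls` on the reported path before doing anything with it: the script only checks the file's own DACL, so a binary in a directory you can rename or delete from (but not write to directly) will not show up, and an entry for `CREATOR OWNER` on a file you happen to own will.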