Checklist - Windows Priv Esc
- Use Google to search for kernel exploits
- Use searchsploit to search for kernel exploits
- Check if you have any of these tokens enabled: SeImpersonatePrivilege, SeAssignPrimaryPrivilege, SeTcbPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeCreateTokenPrivilege, SeLoadDriverPrivilege, SeTakeOwnershipPrivilege, SeDebugPrivilege ?
- Can you write in any folder inside PATH?
- Is there any known service binary that tries to load any non-existant DLL?
- Can you write in any binaries folder?
- Enumerate the network(shares, interfaces, routes, neighbours...)
- Take a special look to network services listing on local (127.0.0.1)
- Have you access to any handler of a process run by administrator?
- Check if you can abuse it