windows
priv esc
Fuzzy Security reference
Windows Priv Esc Guide -abs
Priv Esc Windows Guide -sushant
Payload all the things
WinPEAS - https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS
Windows PrivEsc Checklist - https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation
Sherlock - https://github.com/rasta-mouse/Sherlock
Watson - https://github.com/rasta-mouse/Watson
PowerUp - https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc
JAWS - https://github.com/411Hall/JAWS
Windows Exploit Suggester - https://github.com/AonCyberLabs/Windows-Exploit-Suggester
Metasploit Local Exploit Suggester - https://blog.rapid7.com/2015/08/11/metasploit-local-exploit-suggester-do-less-get-more/
Seatbelt - https://github.com/GhostPack/Seatbelt
SharpUp - https://github.com/GhostPack/SharpUp
To install pip in case you don't have it:
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py; python get-pip.py
Windows Kernel Exploits - https://github.com/SecWiki/windows-kernel-exploits
We can compile the exploit, then set up a web server with Python so the victim machine can reach out to it and download the file.
We then set up a listener for the victim to connect back to:
MS10-059 Exploit - https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS10-059
Plink Download - https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html