Syllabus
Intro
Encyclopedia of Windows Privilege Escalation
Old Skewl Local Exploits
Look For Creds On The Box
Unattended Installs - Client
Unattended Installs - Server
User Permissions
AlwaysInstallElevated
Missing Autoruns
Service Quoting - CVE-2000-1128
Service Quoting (Manual)
DLL Loading or Bad permissions
Pentest Monkey Script to Check
MSF getsystem
Binary Replacement
Debugging CMD.exe
Passwords - best persistence method
Passwords through process dumping
Rename on next reboot
Exporting Wireless Configs
BITSADMIN Downloader/Exec
Password Filters (requires reboot)
Password Filters hooking, no reboot
Command Line PPTP Tunnel
Just uninstall a patch
LNK (Shortcuts) with UNC icons
Auth and Persistence
Stealing SSL Cookies
DEP Exclusions