Windows

A practical, ordered checklist for Windows local privilege escalation during labs, CTFs, and authorised internal testing.

Active Directory machine demonstrating NTLM hash capture through a writable SMB share, Kerberoasting, MSSQL Silver Ticket abuse, and SeImpersonatePrivilege escalation.

Active Directory machine demonstrating SMB user enumeration, weak password reuse, writable logon script abuse, and GPO-based privilege escalation.

Active Directory machine demonstrating anonymous LDAP enumeration, password reset abuse, SeRestorePrivilege execution, and manual NTDS extraction.

Windows machine demonstrating anonymous FTP exposure, credential recovery from MDB and PST files, Telnet access, and stored credential abuse.

Windows machine demonstrating unauthenticated file upload leading to CloudMe buffer overflow exploitation and administrator access.

Windows machine demonstrating Adobe ColdFusion remote code execution and kernel-based privilege escalation to SYSTEM.

Windows machine demonstrating IIS upload bypass with web.config abuse and kernel exploit privilege escalation.

Active Directory machine demonstrating MSSQL abuse leading to credential leakage and AD CS certificate abuse for full domain compromise.

Active Directory machine demonstrating exposed SMB data, credential reuse, and Backup Operators abuse to dump domain hashes.