> For the complete documentation index, see [llms.txt](https://ret2basic.gitbook.io/ctfnote/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation.md).

# Windows Privilege Escalation

- [Manual Enumeration](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/manual-enumeration.md): System, user, network, password, and AV
- [Automated Tools](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/tools.md): WinPEAS!
- [Kernel Exploits](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/kernel-exploits.md): Kitrap0d!
- [Passwords and Port Forwarding](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/passwords-and-port-forwarding.md): plink.exe
- [WSL](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/windows-subsystem-for-linux.md): Windows Subsystem for Linux
- [Token Impersonation and Potato Attacks](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/token-impersonation-and-potato-attacks.md)
- [Meterpreter getsystem](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/meterpreter-getsystem.md): Easy win??? Not really.
- [Runas](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/runas.md)
- [UAC Bypass](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/uac-bypass.md)
- [Registry](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/registry.md)
- [Executable Files](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/executable-files-1.md)
- [Startup Applications](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/startup-applications.md)
- [DLL Hijacking](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/dll-hijacking.md)
- [Service Permissions (Paths)](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/service-permissions-paths.md)
- [CVE-2019-1388](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/cve-2019-1388.md)
- [HiveNightmare](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/hivenightmare.md): aka SeriousSam or CVE-2021–36934
- [Bypass Space Filter](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/crazy-stuff.md): C:\PROGRA~2
