AD Privilege Escalation
  • Iperius Backup Service Privilege Escalation
  • ManageEngine ADSelfService Plus PrivEsc
  • Mimikatz
  • Outlook Reminder Privilege Escalation
  • UAC Windows Privilege Escalation
  • Windows PrivEsc with Kerberos
  • Windows PrivEsc with LocalPotato
  • Windows PrivEsc with Registry Keys
  • Windows PrivEsc with RemotePotato
  • Windows PrivEsc with SeBackupPrivilege
  • Windows PrivEsc with Unquoted Service Path
  • Windows Privilege Escalation
  • Windows Pivoting
  • AD CS (Active Directory Certificate Services) Pentesting
  • Dumping Windows Password Hashes
  • WSL Pentesting
  • Windows Memory Dump Analysis
  • Windows Remote Code Execution from Linux
  • Windows XML EventLog (EVTX)
  • M365 (Microsoft Office 365) Pentesting
  • Microsoft Outlook Message (.msg)
  • Microsoft Word Pentesting
  • Reading OneDrive Logs
Powered by GitBook
On this page

Windows Pivoting

Accessing obtained over one machine to exploit another machine deeper in the network.

PreviousWindows Privilege EscalationNextAD CS (Active Directory Certificate Services) Pentesting

Last updated 1 year ago

After entering the target server, enumerate and search other networks.

arp.exe -a
Copied!

Get-Content c:\Windows\System32\drivers\etc\hosts
ipconfig /all
Copied!

No content yet.

Enumerate Network
Check the ARP Cache in Target Machine
Check IP Addresses
Search Other Network Ranges
Page cover image