Windows Integrity Levels | Privilege Structure | Escalation Route
Understanding the Linux file system architecture is definitely easier than understanding that of Windows. While pen testing, I have read many, many articles about why we do what we do, for example when executing commands during the privilege escalation phase. So I have decided to share some basic information about it with you all.
GRAPHICAL VIEW of Account Types and Privileges associated with them on Windows
I have tried to explain things here by comparing them with Linux. Windows has Integrity Levels, which are obtained via Access Tokens, calculated from SIDs (Security Identifiers), and managed by the Local Security Authority. Integrity, as the name says, is about how much things are modified from their actual content. So the Integrity Level decides how much permission you have to modify files or directories on Windows.
As you can see above, this is why the need arises to escalate our privileges on a Windows machine.
Access Tokens are associated with each account. Whenever a command is executed, the SID is checked to determine what rights the user has on the system. When I type whoami /all as administrator, I see a long list of rights and permissions. When I do the same as a normal user, I do not have nearly as many.
For example, when I simply run cmd as a normal user, I have the following rights:
But when I run the same as administrator, authenticating against UAC,
I see a long list of rights.
Similarly, see the difference in the attempt to create a user via a normal user's cmd and an admin cmd.
The same command that was not successful as a Standard User succeeds from the Admin CMD. This is where the need to escalate privileges arises.
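The comparison above can be made repeatable by parsing the CSV form of the command output. The following is an added example, not part of the original post: it reads `whoami /groups /fo csv` and `whoami /priv /fo csv` output, maps the mandatory-label SID (S-1-16-<RID>) to its integrity level, and lists the privileges that appear only in the elevated token. The sample outputs are constructed, the function names are hypothetical, and the English column headers are assumed.

```python
import csv
import io

# Well-known RIDs of mandatory-label SIDs (S-1-16-<RID>).
INTEGRITY_LEVELS = {0: "Untrusted", 4096: "Low", 8192: "Medium",
                    8448: "Medium Plus", 12288: "High", 16384: "System"}

# Constructed sample output of `whoami /groups /fo csv` (not from the post).
STANDARD_GROUPS = r'''
"Group Name","Type","SID","Attributes"
"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"Mandatory Label\Medium Mandatory Level","Label","S-1-16-8192",""
'''
ELEVATED_GROUPS = r'''
"Group Name","Type","SID","Attributes"
"BUILTIN\Administrators","Alias","S-1-5-32-544","Mandatory group, Enabled by default, Enabled group, Group owner"
"Mandatory Label\High Mandatory Level","Label","S-1-16-12288",""
'''
# Constructed sample output of `whoami /priv /fo csv`.
STANDARD_PRIVS = r'''
"Privilege Name","Description","State"
"SeShutdownPrivilege","Shut down the system","Disabled"
"SeChangeNotifyPrivilege","Bypass traverse checking","Enabled"
'''
ELEVATED_PRIVS = STANDARD_PRIVS + r'''"SeDebugPrivilege","Debug programs","Disabled"
"SeBackupPrivilege","Back up files and directories","Disabled"
'''

def rows(text):
    """Parse whoami CSV output into a list of dicts keyed by column header."""
    return list(csv.DictReader(io.StringIO(text.strip())))

def integrity_level(groups_csv):
    """Return the integrity level name carried by the token, or None."""
    for row in rows(groups_csv):
        if row["SID"].startswith("S-1-16-"):
            rid = int(row["SID"].rsplit("-", 1)[1])
            return INTEGRITY_LEVELS.get(rid, f"Unknown ({rid})")
    return None

def extra_privileges(standard_csv, elevated_csv):
    """Privileges present in the elevated token but not the standard one."""
    names = lambda text: {r["Privilege Name"] for r in rows(text)}
    return sorted(names(elevated_csv) - names(standard_csv))

if __name__ == "__main__":
    print("standard:", integrity_level(STANDARD_GROUPS))
    print("elevated:", integrity_level(ELEVATED_GROUPS))
    print("only when elevated:", extra_privileges(STANDARD_PRIVS, ELEVATED_PRIVS))
```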
Ways to Escalate privileges
Since there are already many blogs about how to do them, I am not repeating the same here. But I hope you enjoyed the graphical view and understood the ways clearly.
Every machine is different in the way it is organized to work, though. You may also need to bypass UAC somewhere, impersonate tokens, pass the hash, or generate silver/golden tickets. But all of these have their basics in the ways mentioned above.
This story is only for sharing knowledge and has no intention of urging people to hack Microsoft Windows one day!!!