Logged in as: guest | Privilege: 🔴 LOW — need to escalate
| Technique | What It Is | Lab |
|---|---|---|
| Unquoted Service Paths | Service binary path with spaces and no quotes — hijackable | Practice → |
| AlwaysInstallElevated | Registry allows any user to install MSI as SYSTEM | Practice → |
| Weak Service Permissions | Low-priv user can modify service binary path | Practice → |
| Token Impersonation | Impersonate SYSTEM token using PrintSpoofer or Potato | Practice → |
| DLL Hijacking | Place malicious DLL where a privileged app loads it | Practice → |
| Stored Credentials | Credentials saved in Windows Credential Manager | Practice → |