Windows Privilege Escalation 3 - Educational Purposes Only

In this continuation of our Windows Privilege Escalation series (Part 3), we dive deeper into exploiting vulnerable services using PowerShell scripts, including a Proof-of-Concept (PoC) and Invoke-PowerShellTCP.ps1. You can easily find these scripts on GitHub with a quick search. After modifying the scripts, we set up a Python web server and use Netcat to listen on port 9443, successfully establishing a reverse shell.

This process wasn’t easy—I walked through it three times to ensure everything was executed correctly. In the second half of the video, we shift our focus to credential hunting. Using various PowerShell commands, we search for sensitive information stored within the compromised system, demonstrating effective techniques for identifying valuable data during post-exploitation.