// notes/ PrivEsc — Windows
🪟

Startup Applications

Similar to [AutoRuns](/windows-privilege-escalation/registy/autoruns.md), the concept of exploiting startup applications is that we configure a malicious executable as a startup a…

#windows privilege escalation#adot8
source · oscp.adot8.com · windows-privilege-escalation/startup-applications

Startup Applications

Overview

Similar to AutoRuns, the concept of exploiting startup applications is that we configure a malicious executable as a startup application and hopefully get a Admin shell back when the computer reboots and a Administrator logs in.

Escalation via Startup Applications

View permissions on startup folder using icacls.exe

powerquery
01 icacls.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
<figure><img src="/files/Tqy0BuKso4h4Ii6yAFVP" alt=""><figcaption><p>Desired output</p></figcaption></figure>