// notes/ PrivEsc — Windows
🪟
Startup Applications
Similar to [AutoRuns](/windows-privilege-escalation/registy/autoruns.md), the concept of exploiting startup applications is that we configure a malicious executable as a startup a…
#windows privilege escalation#adot8
source · oscp.adot8.com · windows-privilege-escalation/startup-applications ↗Startup Applications
Overview
Similar to AutoRuns, the concept of exploiting startup applications is that we configure a malicious executable as a startup application and hopefully get a Admin shell back when the computer reboots and a Administrator logs in.
Escalation via Startup Applications
View permissions on startup folder using icacls.exe
powerquery
01 icacls.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"