Startup Applications

Overview

Similar to AutoRuns, the concept of exploiting startup applications is that we configure a malicious executable as a startup application and hopefully get a Admin shell back when the computer reboots and a Administrator logs in.

Escalation via Startup Applications

View permissions on startup folder using icacls.exe

 icacls.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
Desired output
PreviousExecutable FilesNextgetsystem