URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Submission: On May 07 via api from CA

Summary

This website contacted 19 IPs in 3 countries across 11 domains to perform 75 HTTP transactions. The main IP is 104.21.83.51, located in San Francisco, United States and belongs to CLOUDFLARENET, US. The main domain is pentest.blog.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 29th 2020. Valid for: a year.
This is the only time pentest.blog was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Domain | Requested by
29 | pentest.blog | pentest.blog
12 | c.disquscdn.com | pentestblog.disqus.com, disqus.com, c.disquscdn.com
6 | a.disquscdn.com | c.disquscdn.com
5 | disqus.com | pentestblog.disqus.com, c.disquscdn.com
4 | fonts.gstatic.com | fonts.googleapis.com
3 | s.w.org | pentest.blog
3 | www.google-analytics.com | pentest.blog, www.google-analytics.com
2 | accounts.google.com | apis.google.com, ssl.gstatic.com
2 | apis.google.com | c.disquscdn.com, apis.google.com
2 | connect.facebook.net | c.disquscdn.com, connect.facebook.net
2 | pentestblog.disqus.com | pentest.blog
1 | referrer.disqus.com |
1 | ssl.gstatic.com | accounts.google.com
1 | www.facebook.com | c.disquscdn.com
1 | www.googletagmanager.com | pentest.blog
1 | fonts.googleapis.com | pentest.blog
75 | 16
Subject | Issuer | Validity | Valid
pentest.blog | Cloudflare Inc ECC CA-3 | 2020-08-29 - 2021-08-29 | a year
upload.video.google.com | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months
*.gstatic.com | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months
*.disqus.com | DigiCert SHA2 Secure Server CA | 2020-04-20 - 2022-05-09 | 2 years
*.google.com | GTS CA 1O1 | 2021-04-13 - 2021-07-06 | 3 months
*.w.org | Sectigo RSA Domain Validation Secure Server CA | 2019-12-19 - 2021-12-18 | 2 years
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-08-15 - 2021-08-15 | a year
*.disquscdn.com | GlobalSign Atlas R3 DV TLS CA 2020 | 2021-03-22 - 2022-04-23 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-04-06 - 2021-07-03 | 3 months
*.apis.google.com | GTS CA 1C3 | 2021-04-13 - 2021-07-06 | 3 months
accounts.google.com | GTS CA 1O1 | 2021-04-13 - 2021-07-06 | 3 months

This page contains 3 frames:

Primary Page: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Frame ID: 0DA3ED02BDF7BC31A8DB8BB76D41ADF9
Requests: 47 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
Frame ID: CDC8E5050981BCE0F49CEC9C76646B53
Requests: 26 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: EE4F82FC4BA993E3B6F6C6E4FC2E364D
Requests: 3 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

75 Requests
100% HTTPS
72% IPv6
11 Domains
16 Subdomains
19 IPs
3 Countries
1411 kB Transfer
3250 kB Size
5 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

75 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request /
pentest.blog/windows-privilege-escalation-methods-for-pentesters/
88 KB
20 KB
Document
General
Full URL
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1bfb6f2343446cef6183476a8e72ac1833ca9e9375f03dcee452b1ba08ab72d4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:method
GET
:authority
pentest.blog
:scheme
https
:path
/windows-privilege-escalation-methods-for-pentesters/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

date
Fri, 07 May 2021 00:20:22 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822; expires=Sun, 06-Jun-21 00:20:22 GMT; path=/; domain=.pentest.blog; HttpOnly; SameSite=Lax
link
<https://pentest.blog/wp-json/>; rel="https://api.w.org/" <https://pentest.blog/wp-json/wp/v2/posts/454>; rel="alternate"; type="application/json" <https://pentest.blog/?p=454>; rel=shortlink
x-frame-options
SAMEORIGIN
x-xss-protection
1
cf-cache-status
DYNAMIC
cf-request-id
09e5cb77c800004c6db02a5000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=eFNBlTZ5BAxC0%2Bq%2F%2FxxNc4ENn75LXm7I%2BUNPwfg%2BBTmBHu2d2jyKfUyP2hgDxqPxAN744C7WRIoSmEUt5PMp3vfD7ecT%2BzLN4iiD1Tc%3D"}]}
nel
{"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15552000; includeSubDomains; preload
server
cloudflare
cf-ray
64b648393e0a4c6d-AMS
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
0I43Bxg6NSCFiP6ZrmEK6USGESM.js
pentest.blog/cdn-cgi/apps/head/
7 KB
3 KB
Script
General
Full URL
https://pentest.blog/cdn-cgi/apps/head/0I43Bxg6NSCFiP6ZrmEK6USGESM.js
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81bc56a45a26c9708def87a97e682483fcb6b959b492aca792b1f57b7df0096c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

:path
/cdn-cgi/apps/head/0I43Bxg6NSCFiP6ZrmEK6USGESM.js
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:22 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
1173757
content-type
application/javascript; charset=utf-8
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
55GVAXP3F054ZYZ7
x-amz-id-2
16s9ApR0rC54fchFZj4Nd8NNCd8nXKF2Rc2tkhadGM/hULRvzswJu9vsdQ3eMVXhL7jjcS7WHpA=
last-modified
Tue, 12 Sep 2017 11:59:56 GMT
server
cloudflare
etag
W/"fbf1f72c31c7fa28593a2cd1956ffe53"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tpvryIr8mTw0cV1oy04PxWnRC8M%2BbeDAn0MdmY4PStW26Ss8Iidy96njRUleQNA%2B5E%2FSZ6pR%2BGNOcLonLAVzhHKlM6FXZCEr5m9OSAM%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
kepm_nuPj0cUSjPrZMbiua9zwlPiWeF6
cache-control
public, max-age=31536000
cf-request-id
09e5cb78c700001eb5f5284000000001
cf-ray
64b6483add521eb5-AMS
style.min.css
pentest.blog/wp-includes/css/dist/block-library/
57 KB
8 KB
Stylesheet
General
Full URL
https://pentest.blog/wp-includes/css/dist/block-library/style.min.css?ver=5.7
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29778a6252b89c79ad8a313692c3f4b8ff5e300c463858732f28da488dd2cc05
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-includes/css/dist/block-library/style.min.css?ver=5.7
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:22 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6904
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb78c500001eb5ce357000000001
last-modified
Fri, 19 Mar 2021 12:50:06 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"60549dfe-e358"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5g61PezG04cCeytgAeC75gOkr%2FiC6h4WI7nhtRVRb7bRo0QPmxHxwy9E8U8NxOCHe1HZM7h4%2F6Pr3HsnncXbN05%2B0oRaRa5%2FFO3DjYQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483add4b1eb5-AMS
bootstrap.min.css
pentest.blog/wp-content/themes/sparkling/assets/css/
118 KB
18 KB
Stylesheet
General
Full URL
https://pentest.blog/wp-content/themes/sparkling/assets/css/bootstrap.min.css?ver=5.7
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-content/themes/sparkling/assets/css/bootstrap.min.css?ver=5.7
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:22 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6904
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb78c800001eb5f4861000000001
last-modified
Mon, 15 Apr 2019 11:27:42 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"5cb46aae-1d970"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XnGuz0ndvXNFrh2EjkYIzvQwofWeZ%2B8yHKuNAzgWQ1IzcESml9KiMRZGNtNFQC8BlnjfQ6hsMA2VoR1Gf0%2FG2X77aI78ppwK0JkYxvw%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483add561eb5-AMS
fontawesome-all.min.css
pentest.blog/wp-content/themes/sparkling/assets/css/
38 KB
8 KB
Stylesheet
General
Full URL
https://pentest.blog/wp-content/themes/sparkling/assets/css/fontawesome-all.min.css?ver=5.1.1.
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3bce9f7694e1e5ae61f21bdf51af4e502ced317f0471b6b3609b3000dd3d408
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-content/themes/sparkling/assets/css/fontawesome-all.min.css?ver=5.1.1.
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:22 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6904
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb78c700001eb5fd304000000001
last-modified
Mon, 15 Apr 2019 11:27:42 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"5cb46aae-9697"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HIOS28omjxM3%2FA%2FgtCcopEdtd%2BKeNX%2BHx8ftPr92BFFbOVkiCReSs6uN5NITDJnhKVyvbnkG2DFArUIHB8%2F9LIWyy5R6ih2PvMlhXOo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483add551eb5-AMS
css
fonts.googleapis.com/
14 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans%3A400italic%2C400%2C600%2C700%7CRoboto+Slab%3A400%2C300%2C700&ver=5.7
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
70f45edb4312dd24f37106cd7503989dcf72662e74c704dc3c8b7b696981c49b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pentest.blog/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 06 May 2021 23:58:50 GMT
server
ESF
date
Fri, 07 May 2021 00:20:22 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 07 May 2021 00:20:22 GMT
style.css
pentest.blog/wp-content/themes/sparkling/
36 KB
7 KB
Stylesheet
General
Full URL
https://pentest.blog/wp-content/themes/sparkling/style.css?ver=2.4.2
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b11eb90259a2ae13dbaf0d042b8fd154e57e4abffb629d7ca9509f6f6f996a6
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-content/themes/sparkling/style.css?ver=2.4.2
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:22 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6904
cf-polished
origSize=50725
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb78c700001eb5298b4000000001
last-modified
Mon, 15 Apr 2019 11:27:42 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"5cb46aae-c625"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2TNLPn66USphb6yuVEC8Him8ITkaZ7Ixia4dNDh343evNlTnUBu3bHjHezb3teUialcj8HwIsdu%2F0XPwOZqB7hi0m8r6%2FqqNMq1zgyI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483add531eb5-AMS
cf-bgj
minify
enlighterjs.min.css
pentest.blog/wp-content/plugins/enlighter/cache/
78 KB
9 KB
Stylesheet
General
Full URL
https://pentest.blog/wp-content/plugins/enlighter/cache/enlighterjs.min.css?ver=AnSUBgw4zD87Qup
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6048e330c0f362be46b20de45d35a5ace57a04be04a29da10448d6949f6f69ce
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-content/plugins/enlighter/cache/enlighterjs.min.css?ver=AnSUBgw4zD87Qup
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:22 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6904
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb78c700001eb5f985f000000001
last-modified
Fri, 19 Mar 2021 12:50:46 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"60549e26-13686"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=A2Hxm6cs4LxWn%2BdIW5p5QEMerg3IUFXAD9hE2Vfkta5QDZ5wBKcOJGv1qpyYCZbDQoM7BvmZcth0gB1aH%2B3bDHvvtcFMftH9UJ5%2FYEY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483add541eb5-AMS
jquery.min.js
pentest.blog/wp-includes/js/jquery/
87 KB
30 KB
Script
General
Full URL
https://pentest.blog/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:22 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6904
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb78cc00001eb5f4862000000001
last-modified
Fri, 19 Mar 2021 12:50:06 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"60549dfe-15d98"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=v3WdfXqjV9TI18ue6Se0E%2FeZ8npfIW0CbYAmVMPrasJo4nTi%2FYXO67JfWeIErOFYw8cQMcoB7%2Bpo4LcSxJY%2F0gd%2FwC7xc%2Boga9JIq3I%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483add571eb5-AMS
jquery-migrate.min.js
pentest.blog/wp-includes/js/jquery/
11 KB
4 KB
Script
General
Full URL
https://pentest.blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:22 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6904
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb78c600001eb512b38000000001
last-modified
Fri, 19 Mar 2021 12:50:06 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"60549dfe-2bd8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1efP%2BO0sbyGF%2FSRSj%2FOoP%2FxM%2BS4iK7wrK29qa3hqeZlotWQi0mie3c7Ym8GD%2BepF88nRKDp%2Fsh%2FSj6n2lA77dch7gO2NlSnO7zaRTec%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483add4f1eb5-AMS
bootstrap.min.js
pentest.blog/wp-content/themes/sparkling/assets/js/vendor/
36 KB
10 KB
Script
General
Full URL
https://pentest.blog/wp-content/themes/sparkling/assets/js/vendor/bootstrap.min.js?ver=5.7
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-content/themes/sparkling/assets/js/vendor/bootstrap.min.js?ver=5.7
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:22 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6904
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb78c600001eb5d4aec000000001
last-modified
Mon, 15 Apr 2019 11:27:42 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"5cb46aae-90b5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=h94dFIrWebHgtf6Nt38sVkHtBhpSJRJ79kmktjvxhETIWUuLs8055HOigBsEW4qIs%2F5O%2FIrocIFDbxqR1pfFau7UvrV2%2BIpjAwITtI4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483add4e1eb5-AMS
functions.js
pentest.blog/wp-content/themes/sparkling/assets/js/
2 KB
1 KB
Script
General
Full URL
https://pentest.blog/wp-content/themes/sparkling/assets/js/functions.js?ver=20180503
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a70001940d43804b9ce5a960780ca25aca8df10800126046fe4e9634e309aad3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-content/themes/sparkling/assets/js/functions.js?ver=20180503
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:22 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6904
cf-polished
origSize=2473
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb78c600001eb5ed350000000001
last-modified
Mon, 15 Apr 2019 11:27:42 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"5cb46aae-9a9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bojIiQreiPKZXWK%2FCxsM3b4C0u8%2FilTTN97ZYOwIrVFIe%2BQQ6PUNqBoWzgm8rOd2nv%2FX2dV0F%2Ft8OfxeSGHIU2PbvhL%2FANzPC3rZ9t4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483add501eb5-AMS
cf-bgj
minify
asciinema-player.js
pentest.blog/wp-content/asciinema/
564 KB
128 KB
Script
General
Full URL
https://pentest.blog/wp-content/asciinema/asciinema-player.js
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31b816eb40dd68ec64b697c2f87018a94a875c7c88a372689ba7d07e691e7e8d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-content/asciinema/asciinema-player.js
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:22 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6904
cf-polished
origSize=582376
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb78c600001eb5ec3aa000000001
last-modified
Wed, 21 Feb 2018 19:45:31 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"5a8dcc5b-8e2e8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rs50dk2MkKhP9%2F%2BWW0MWktEnZsG8gGpeGQYyjeOmxv5VzHyde9dRXe1Zot%2BOYkmpI5zmwEPKkvJiNSAK%2BjhkjVzWtiiS3ABguiGFu4U%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483add511eb5-AMS
cf-bgj
minify
asciinema-player.css
pentest.blog/wp-content/asciinema/
42 KB
5 KB
Stylesheet
General
Full URL
https://pentest.blog/wp-content/asciinema/asciinema-player.css
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0568923127c7ec9017ee440b069d4dd0f964388dd29555d1a01c223bc01746b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-content/asciinema/asciinema-player.css
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:22 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6904
cf-polished
origSize=50722
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb78c500001eb5cd2de000000001
last-modified
Wed, 21 Feb 2018 19:45:25 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"5a8dcc55-c622"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Y4IwtHLGa%2Bezk9p1I4BlaHPacjHiT8hV08HPcduV%2FhIaz5jxp1jcEFmAJjFw9oEqSzmrLyC51aHllpQRU%2BtVp6bu5DZearVUXIKmwcw%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483add4d1eb5-AMS
cf-bgj
minify
pentestblog-color-e1508706802866.png
pentest.blog/wp-content/uploads/
25 KB
25 KB
Image
General
Full URL
https://pentest.blog/wp-content/uploads/pentestblog-color-e1508706802866.png
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5706a629c5d91a9d57fbd64b44829d7186ce3e513a732ce7062828cf29457f7a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-content/uploads/pentestblog-color-e1508706802866.png
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6854
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
25113
cf-request-id
09e5cb7a7500001eb5042ce000000001
last-modified
Sun, 22 Oct 2017 21:13:22 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"59ed09f2-6219"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2B4MYj3v%2BxrC9WCd6%2BbhJT7ahOD%2F5%2BnPsdjMw%2FYta77tkAsFcI2qdKvjz6aJNULi92UqqgrzCBF4Q5JnAmkZQs6nkY99wxTOktNZ9GMY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1
cache-control
max-age=43200
accept-ranges
bytes
cf-ray
64b6483d8f5e1eb5-AMS
Mg6EYwIk_400x400.jpg
pentest.blog/wp-content/uploads/
24 KB
25 KB
Image
General
Full URL
https://pentest.blog/wp-content/uploads/Mg6EYwIk_400x400.jpg
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4d5d17019ea0b43378cf13376e6e8f2059f47cf5e66074dd208f417543cf3d3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-content/uploads/Mg6EYwIk_400x400.jpg
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6854
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
24986
cf-request-id
09e5cb7a7500001eb516037000000001
last-modified
Fri, 09 Apr 2021 10:11:21 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"60702849-619a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=boBZs6sZLLKMRMNxWBylu0wCunlrwlWx5uPE4iknvSE6BZzP88FlW0tmyRIQoMeZCeqGMGafh%2FyPEJFgqpJGzBbOb6jJtrqwm4rwyNQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
x-xss-protection
1
cache-control
max-age=43200
accept-ranges
bytes
cf-ray
64b6483d8f5f1eb5-AMS
pentest_1000px.png
pentest.blog/wp-content/uploads/
60 KB
61 KB
Image
General
Full URL
https://pentest.blog/wp-content/uploads/pentest_1000px.png
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
17041df2bda03e102abe51f82147a6c987d346b4e4e19525b5085e9056e55947
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-content/uploads/pentest_1000px.png
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6854
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
61349
cf-request-id
09e5cb7a7500001eb5d2b9c000000001
last-modified
Mon, 19 Mar 2018 14:43:40 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"5aafcc9c-efa5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MMJrT90zs28C1tqc5KSkATOSOdHobQ5nxFZ2cDYDgNC2xU4sxupJgoBw7ENKlL5KX2JM2k1f7ut9WmAMdjC3stXG2GHACVRL1GkPEQY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1
cache-control
max-age=43200
accept-ranges
bytes
cf-ray
64b6483d8f601eb5-AMS
email-decode.min.js
pentest.blog/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
1 KB
Script
General
Full URL
https://pentest.blog/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

:path
/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"max_age":604800,"report_to":"cf-nel"}
vary
Accept-Encoding
cf-request-id
09e5cb79e000001eb5b831d000000001
last-modified
Fri, 30 Apr 2021 09:06:15 GMT
server
cloudflare
x-frame-options
DENY
etag
W/"608bc887-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OYmt5AH9sxczLosZ24JAw7jDqO4th13lhrD73d6ldjIjqqClkfM%2BE6RNIlF7gvssoEWBomZM6hGjQjfWMM42U7uvWRVLSVPsyqaZUk0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800 public
cf-ray
64b6483c9eb01eb5-AMS
expires
Sun, 09 May 2021 00:20:23 GMT
js
www.googletagmanager.com/gtag/
88 KB
35 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-88100923-1
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
746eb68201ea9e457d24cb923fbe3f0b8586cf0613d2f91fba21b724e018a105
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://pentest.blog/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35717
x-xss-protection
0
last-modified
Fri, 07 May 2021 00:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 07 May 2021 00:20:23 GMT
comment_count.js
pentest.blog/wp-content/plugins/disqus-comment-system/public/js/
708 B
935 B
Script
General
Full URL
https://pentest.blog/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.21
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b385fd0614f2927f0e7fdc03ccdb2428e3a93de0c7fe467149b34213cc32c0f6
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.21
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6905
cf-polished
origSize=889
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb79f100001eb512b42000000001
last-modified
Fri, 19 Mar 2021 12:50:40 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"60549e20-379"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HFqImwtxkC6kIbufiXYth05ivhkQX06D6E0%2BanWccWJaZxnPjxZGs%2FyBscAie5nq413p98sNQAZwwU1k1Tq21p5tQl8JE97O1NdZsQw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483cbec91eb5-AMS
cf-bgj
minify
comment_embed.js
pentest.blog/wp-content/plugins/disqus-comment-system/public/js/
828 B
922 B
Script
General
Full URL
https://pentest.blog/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.21
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7f5a831ead8920451598097754bb1d4fbf16fff1fd90794b950724867345794
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.21
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6905
cf-polished
origSize=1150
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb7a7400001eb5f1b3c000000001
last-modified
Fri, 19 Mar 2021 12:50:40 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"60549e20-47e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9%2B00kpUwqnrzCorRexM4H5t%2FG8XYh6%2BWtC4K3OzRzpuv1PtGz9QHxR9q4Y4zKE%2BLiWjTIYogjidjgMy%2B8LHgOSpCuVpz5YuXEjvCXD8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483d8f581eb5-AMS
cf-bgj
minify
skip-link-focus-fix.min.js
pentest.blog/wp-content/themes/sparkling/assets/js/
543 B
833 B
Script
General
Full URL
https://pentest.blog/wp-content/themes/sparkling/assets/js/skip-link-focus-fix.min.js?ver=20140222
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2123b61f26a87c608f5e339df52bb4bf85dfa17718ee83b80e9b869e07c9a447
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-content/themes/sparkling/assets/js/skip-link-focus-fix.min.js?ver=20140222
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6905
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb7a7400001eb5ba059000000001
last-modified
Mon, 15 Apr 2019 11:27:42 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"5cb46aae-21f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UumTA6Chh50%2BXg%2ByzxMuauNBF4Y2%2FSUBzR2e3Ty%2Fdr3ATRE0GJg6vZNFaaZHfBG9R%2FtUC9RSXW5iaOarDmE3SyjTbG7nrCcR3ECROX8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483d8f591eb5-AMS
comment-reply.min.js
pentest.blog/wp-includes/js/
3 KB
2 KB
Script
General
Full URL
https://pentest.blog/wp-includes/js/comment-reply.min.js?ver=5.7
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab21fef3ac4ee12ebb305942f85de99b290b8a24654c69060e54673d5f3a11f2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-includes/js/comment-reply.min.js?ver=5.7
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6905
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb7a7400001eb52c012000000001
last-modified
Fri, 19 Mar 2021 12:50:06 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"60549dfe-ba6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LkVFGRh3UpYMuhzBL3ZbUldaS%2BzM0OrIsC7V0ZjaACOn%2F1soSHQ82MY73%2Fc%2By5llYHbVdxig9tpW1LZ8Dt8u9mJe1rbRS1qM44FlFlM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483d8f5a1eb5-AMS
enlighterjs.min.js
pentest.blog/wp-content/plugins/enlighter/cache/
57 KB
16 KB
Script
General
Full URL
https://pentest.blog/wp-content/plugins/enlighter/cache/enlighterjs.min.js?ver=AnSUBgw4zD87Qup
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e0c4a1ed3d232553d98c82ea0e04cee8975d0a67df819e161f96e7c32179e8c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-content/plugins/enlighter/cache/enlighterjs.min.js?ver=AnSUBgw4zD87Qup
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6905
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb7a7500001eb50839a000000001
last-modified
Fri, 19 Mar 2021 12:50:46 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"60549e26-e33f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=a0PFKDjnSutPz0HrD9Qn%2BVPhkeIRYaxLX%2BUSpvfmiKHhbp%2FdH%2B84ijZwWLDGDsTDCyw3kh0p9it%2Ber4NeWKg2pmKxU512jh2cMonw0U%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483d8f5c1eb5-AMS
wp-embed.min.js
pentest.blog/wp-includes/js/
1 KB
1 KB
Script
General
Full URL
https://pentest.blog/wp-includes/js/wp-embed.min.js?ver=5.7
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-includes/js/wp-embed.min.js?ver=5.7
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6905
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb7a7500001eb5db33c000000001
last-modified
Fri, 19 Mar 2021 12:50:06 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"60549dfe-592"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=H%2FgXGOHWJTDvzofwe9eUgrnX0ifdN7fXXvLe9%2BffCXarVqpWAYWNb%2FjD98rAx8LWIyZ3QIgMNX3%2FOxgVzW2sOwTD0onluznhuLMt7qc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483d8f5d1eb5-AMS
analytics.js
www.google-analytics.com/
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: pentest.blog
URL: https://pentest.blog/cdn-cgi/apps/head/0I43Bxg6NSCFiP6ZrmEK6USGESM.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://pentest.blog/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 09 Apr 2021 23:59:54 GMT
server
Golfe2
age
6811
date
Thu, 06 May 2021 22:26:52 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19569
expires
Fri, 07 May 2021 00:26:52 GMT
1TvIEVAY9L_dEaYOUISH6JZQX-g.js
pentest.blog/cdn-cgi/apps/body/
12 KB
6 KB
Script
General
Full URL
https://pentest.blog/cdn-cgi/apps/body/1TvIEVAY9L_dEaYOUISH6JZQX-g.js
Requested by
Host: pentest.blog
URL: https://pentest.blog/cdn-cgi/apps/head/0I43Bxg6NSCFiP6ZrmEK6USGESM.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d38f3ca3272d3a47bcfa9fe9cb8268eae714759453f56151b898394b24c6889
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

:path
/cdn-cgi/apps/body/1TvIEVAY9L_dEaYOUISH6JZQX-g.js
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
1173657
content-type
application/javascript; charset=utf-8
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
5M6JJ0JC4BFQ25FA
x-amz-id-2
gQXOsIPxo3/UBD6plau2CNK9I9GpDyMr3WvMGvN+bSDobiNM1gGl9aKG/jjpwsZor6fwdQUYnxQ=
last-modified
Tue, 12 Sep 2017 11:59:56 GMT
server
cloudflare
etag
W/"c317e28980ce201e285ef126ee343d24"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PMQcRs7ZUgAHqNRhGBNj1smlVUNrbqxF9iyw1SO26601yd5vk27exW3hZ7wZmXq5VAmzNrD737gvWjUo20C8FqqpLeDTGvx6zUgNPUo%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
5cG.we8.asHaEAHdIRNtrF8iFr.KsTVB
cache-control
public, max-age=31536000
cf-request-id
09e5cb7a7500001eb5d1b24000000001
cf-ray
64b6483d8f611eb5-AMS
wp-emoji-release.min.js
pentest.blog/wp-includes/js/
14 KB
5 KB
Script
General
Full URL
https://pentest.blog/wp-includes/js/wp-emoji-release.min.js?ver=5.7
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-includes/js/wp-emoji-release.min.js?ver=5.7
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6905
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e5cb7a7500001eb5bf3a6000000001
last-modified
Fri, 19 Mar 2021 12:50:06 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"60549dfe-3795"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iMZ8s3c9KWot61%2BTwliLw372diyOHZ2%2Br0vkjQp3mSUHjsF%2F6W0WZ9D5ul%2FZHQD6ULw8Wi00hYModyhA9UQSgErIEnmaIvAOPo5fQ5w%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-xss-protection
1
cache-control
max-age=43200
cf-ray
64b6483d8f621eb5-AMS
mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400italic%2C400%2C600%2C700%7CRoboto+Slab%3A400%2C300%2C700&ver=5.7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://pentest.blog
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 01:50:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:09:22 GMT
server
sffe
age
253786
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14380
x-xss-protection
0
expires
Wed, 04 May 2022 01:50:37 GMT
BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
fonts.gstatic.com/s/robotoslab/v13/
39 KB
39 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotoslab/v13/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400italic%2C400%2C600%2C700%7CRoboto+Slab%3A400%2C300%2C700&ver=5.7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8c79f09d1e74eadaf897561f5d70265ed2884663d34ad9c4d7f2aebff3b85a6b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://pentest.blog
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 06 May 2021 15:44:07 GMT
x-content-type-options
nosniff
last-modified
Thu, 28 Jan 2021 22:03:59 GMT
server
sffe
age
30976
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39440
x-xss-protection
0
expires
Fri, 06 May 2022 15:44:07 GMT
fa-solid-900.woff2
pentest.blog/wp-content/themes/sparkling/assets/fonts/
44 KB
45 KB
Font
General
Full URL
https://pentest.blog/wp-content/themes/sparkling/assets/fonts/fa-solid-900.woff2
Requested by
Host: pentest.blog
URL: https://pentest.blog/wp-content/themes/sparkling/assets/css/fontawesome-all.min.css?ver=5.1.1.
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79279c8900d692d54bd3468993728088da3a33f5eabe667637554d3811000837
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

sec-fetch-mode
cors
origin
https://pentest.blog
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
:path
/wp-content/themes/sparkling/assets/fonts/fa-solid-900.woff2
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
pentest.blog
referer
https://pentest.blog/wp-content/themes/sparkling/assets/css/fontawesome-all.min.css?ver=5.1.1.
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://pentest.blog
Referer
https://pentest.blog/wp-content/themes/sparkling/assets/css/fontawesome-all.min.css?ver=5.1.1.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6904
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
45128
cf-request-id
09e5cb7a7e00001eb5c2367000000001
last-modified
Mon, 15 Apr 2019 11:27:42 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"5cb46aae-b048"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0Tub%2B8qwKuZjEuOuLj393cjdVrmCbMJ0y%2FdgtZGEfwdQu%2F5ZS4z7MFa525MA3JmAGaZnk%2BCOS6FhDahKh6wTcUisgDmN68Izq5deMKQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
x-xss-protection
1
cache-control
max-age=43200
accept-ranges
bytes
cf-ray
64b6483d9f6d1eb5-AMS
mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400italic%2C400%2C600%2C700%7CRoboto+Slab%3A400%2C300%2C700&ver=5.7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://pentest.blog
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 20:40:38 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:11:00 GMT
server
sffe
age
185985
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15056
x-xss-protection
0
expires
Wed, 04 May 2022 20:40:38 GMT
glyphicons-halflings-regular.woff2
pentest.blog/wp-content/themes/sparkling/assets/fonts/
18 KB
18 KB
Font
General
Full URL
https://pentest.blog/wp-content/themes/sparkling/assets/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: pentest.blog
URL: https://pentest.blog/wp-content/themes/sparkling/assets/css/bootstrap.min.css?ver=5.7
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

sec-fetch-mode
cors
origin
https://pentest.blog
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
:path
/wp-content/themes/sparkling/assets/fonts/glyphicons-halflings-regular.woff2
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
pentest.blog
referer
https://pentest.blog/wp-content/themes/sparkling/assets/css/bootstrap.min.css?ver=5.7
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://pentest.blog
Referer
https://pentest.blog/wp-content/themes/sparkling/assets/css/bootstrap.min.css?ver=5.7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6904
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
18028
cf-request-id
09e5cb7a7e00001eb5c4b9b000000001
last-modified
Mon, 15 Apr 2019 11:27:42 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"5cb46aae-466c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mZL2q%2BNVs4ZramTN8xjL54jfZYpfiwDgUo%2FsZzSRQ%2FyomazrmExjkFloCouQI%2BmsiATGKuKaJiR3t5QtRQJeAB%2BQf2QSwUxTIV0pddA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
x-xss-protection
1
cache-control
max-age=43200
accept-ranges
bytes
cf-ray
64b6483d9f6e1eb5-AMS
mem8YaGs126MiZpBA-UFW50bbck.woff2
fonts.gstatic.com/s/opensans/v18/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFW50bbck.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400italic%2C400%2C600%2C700%7CRoboto+Slab%3A400%2C300%2C700&ver=5.7
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
28e9420a6d03a70b837b51c9fbe1bb1f819a3d4aa71bffa07f7c3e79d7dcf878
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://pentest.blog
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 06 May 2021 15:44:07 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:09:21 GMT
server
sffe
age
30976
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11316
x-xss-protection
0
expires
Fri, 06 May 2022 15:44:07 GMT
taking-down-windows-nazi-750x410.jpg
pentest.blog/wp-content/uploads/
60 KB
61 KB
Image
General
Full URL
https://pentest.blog/wp-content/uploads/taking-down-windows-nazi-750x410.jpg
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c222de21cd15bd1b3546d7631994d06fa4dbd1a21cbab9938624fd48131a245
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-content/uploads/taking-down-windows-nazi-750x410.jpg
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
cf-cache-status
MISS
nel
{"max_age":604800,"report_to":"cf-nel"}
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
61398
cf-request-id
09e5cb7b0500001eb5db341000000001
last-modified
Wed, 18 Jan 2017 22:07:50 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"587fe736-efd6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ku9XmKhxxqlBDYhLKn1raJ6rQG9vmgqxAe5Y0Z7pOV9H4EZTkliMtjyhq%2BAISWGd0iN06aaaEqvsig932Y%2BD88a%2FhfpFVEkPewaIA6E%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
x-xss-protection
1
cache-control
max-age=43200
accept-ranges
bytes
cf-ray
64b6483e6fd71eb5-AMS
unquoted_regedit.png
pentest.blog/wp-content/uploads/
33 KB
34 KB
Image
General
Full URL
https://pentest.blog/wp-content/uploads/unquoted_regedit.png
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d06b4b1d8fb3e29af8a425cf48533927f3b2ed1cd4c49029197d9a62f0fcd9d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:path
/wp-content/uploads/unquoted_regedit.png
pragma
no-cache
cookie
__cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
pentest.blog
referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
6843
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
34152
cf-request-id
09e5cb7b0200001eb51603a000000001
last-modified
Wed, 21 Dec 2016 04:05:11 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"5859ff77-8568"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TBsr0aeDBg7UDGvK3RVVrwc519XdR%2BTZUu7jH5RqGXWH0COp9WJOF68Fn8BHjZev%2FME0IpI4S6IoA3afmIPb514U4bJHLnRl20zjLW8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1
cache-control
max-age=43200
accept-ranges
bytes
cf-ray
64b6483e6fd81eb5-AMS
count.js
pentestblog.disqus.com/
1 KB
2 KB
Script
General
Full URL
https://pentestblog.disqus.com/count.js
Requested by
Host: pentest.blog
URL: https://pentest.blog/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.21
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://pentest.blog/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 07 May 2021 00:20:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
667432
P3P
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection
keep-alive
Content-Length
871
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 28 Apr 2021 00:35:24 GMT
Server
nginx
ETag
"6088adcc-367"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=300; includeSubdomains
Content-Type
application/javascript; charset=utf-8
Cache-Control
public, max-age=300
X-Amz-Cf-Pop
DFW3-C1
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id
TJQ1AX1vIBjdkTHJAPEF-DtfS4lRM38gHA4GQndl0G0Nhy50u9QeoQ==
embed.js
pentestblog.disqus.com/
73 KB
24 KB
Script
General
Full URL
https://pentestblog.disqus.com/embed.js
Requested by
Host: pentest.blog
URL: https://pentest.blog/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.21
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
22f84dc9c2f60b45767285d160ce6c4fab3436b2ed3835bcd6cedbe137235ac6
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Referer
https://pentest.blog/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 07 May 2021 00:20:23 GMT
Content-Encoding
gzip
Server
openresty
Age
0
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Cache-Control
private, max-age=60
X-Service
router
Strict-Transport-Security
max-age=300; includeSubdomains
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
24245
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j90&a=126977493&t=pageview&_s=1&dl=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&ul=en-us&de=UTF-8&dt=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters%20%E2%80%93%20Pentest%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=854280161&gjid=1938868877&cid=618968929.1620346824&tid=UA-88100923-1&_gid=1239838043.1620346824&_r=1&_slc=1&z=127585856
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://pentest.blog/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 07 May 2021 00:20:23 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://pentest.blog
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
1f609.svg
s.w.org/images/core/emoji/13.0.1/svg/
1 KB
853 B
Image
General
Full URL
https://s.w.org/images/core/emoji/13.0.1/svg/1f609.svg
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
2468609517599c10415c9c9b65024cf697b747dbb837d07d0ea12130f224c65f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://pentest.blog/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 07 May 2021 00:20:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 20 Oct 2020 16:13:31 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
1f642.svg
s.w.org/images/core/emoji/13.0.1/svg/
525 B
347 B
Image
General
Full URL
https://s.w.org/images/core/emoji/13.0.1/svg/1f642.svg
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
943c44a0f3dc1aba84f5fbe8465baadbb90af66cd7be9f37ca07a39260357ad2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://pentest.blog/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 07 May 2021 00:20:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 20 Oct 2020 16:13:32 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
1f641.svg
s.w.org/images/core/emoji/13.0.1/svg/
512 B
361 B
Image
General
Full URL
https://s.w.org/images/core/emoji/13.0.1/svg/1f641.svg
Requested by
Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
87bcc22d43cfa00bd1cf5e3a35aad79150b4ce804899db3ea93efe57eeb6dbf7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://pentest.blog/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 07 May 2021 00:20:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 20 Oct 2020 16:13:32 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j90&a=126977493&t=pageview&_s=1&dl=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&ul=en-us&de=UTF-8&dt=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters%20%E2%80%93%20Pentest%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAUABAAAAAC~&jid=66535304&gjid=2139621618&cid=618968929.1620346824&tid=UA-88100923-1&_gid=1239838043.1620346824&_r=1&gtm=2ou4s0&z=356860129
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://pentest.blog/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 07 May 2021 00:20:23 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://pentest.blog
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
lounge.305cef62f65d619287ed5bfd8a11158b.css
c.disquscdn.com/next/embed/styles/
0
23 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css
Requested by
Host: pentestblog.disqus.com
URL: https://pentestblog.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://pentest.blog/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
871131
strict-transport-security
max-age=300; includeSubdomains
content-length
23152
cf-request-id
09e5cb7c7c000005f975aab000000001
timing-allow-origin
*
last-modified
Mon, 26 Apr 2021 20:08:48 GMT
server
cloudflare
etag
"60871dd0-5a70"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
cf-ray
64b64840cc4d05f9-FRA
x-amz-cf-id
fW6uWADQtEZlK-wmDYqb2_bVoI8qEXXQIebuoRmRxeEbg1U5ih8CMg==
expires
Tue, 26 Apr 2022 22:21:32 GMT
common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js
c.disquscdn.com/next/embed/
0
93 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js
Requested by
Host: pentestblog.disqus.com
URL: https://pentestblog.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://pentest.blog/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
3900256
strict-transport-security
max-age=300; includeSubdomains
content-length
94786
cf-request-id
09e5cb7c7c000005f946075000000001
timing-allow-origin
*
last-modified
Tue, 09 Mar 2021 17:57:38 GMT
server
cloudflare
etag
"6047b712-17242"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA56-C2
accept-ranges
bytes
cf-ray
64b64840cc4e05f9-FRA
x-amz-cf-id
iGbO1sC_L2SXajbXh3fns4o9OWy9yuPPlUqsvZKLIHAqbdlN6Dbhow==
expires
Wed, 09 Mar 2022 18:10:09 GMT
lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js
c.disquscdn.com/next/embed/
0
115 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js
Requested by
Host: pentestblog.disqus.com
URL: https://pentestblog.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://pentest.blog/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
788786
strict-transport-security
max-age=300; includeSubdomains
content-length
117909
cf-request-id
09e5cb7c7d000005f93f20f000000001
timing-allow-origin
*
last-modified
Tue, 27 Apr 2021 21:01:56 GMT
server
cloudflare
etag
"60887bc4-1cc95"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
cf-ray
64b64840cc5005f9-FRA
x-amz-cf-id
ETrZZQ2ejsaF6MhaKzELRpOlvmta1CRQ1i4wrUp7rQaahSvj9GaDiQ==
expires
Wed, 27 Apr 2022 21:13:50 GMT
config.js
disqus.com/next/
0
12 KB
Other
General
Full URL
https://disqus.com/next/config.js
Requested by
Host: pentestblog.disqus.com
URL: https://pentestblog.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://pentest.blog/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 07 May 2021 00:20:23 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
54
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
11688
X-XSS-Protection
1; mode=block
/
disqus.com/embed/comments/ Frame CDC8
57 KB
12 KB
Document
General
Full URL
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
Requested by
Host: pentestblog.disqus.com
URL: https://pentestblog.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b510b8c3b6d17c4d7155538bf2d5da7cf2f36eb6eca9846224da240898ed3f1d
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
disqus.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://pentest.blog/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Connection
keep-alive
Content-Length
11138
Server
nginx
Content-Type
text/html; charset=utf-8
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified
Wed, 21 Apr 2021 18:31:29 GMT
ETag
W/"lounge:view:6115200593.660bcf3b67a35aa94decf75a491b077c.2"
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Referrer-Policy
no-referrer-when-downgrade
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Encoding
gzip
Date
Fri, 07 May 2021 00:20:24 GMT
Age
0
Vary
Accept-Encoding
Strict-Transport-Security
max-age=300; includeSubdomains
lounge.load.dfaa05f4d3af8a4fe09cfd70007bc5b2.js
c.disquscdn.com/next/embed/ Frame CDC8
1 KB
1 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/lounge.load.dfaa05f4d3af8a4fe09cfd70007bc5b2.js
Requested by
Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08b05aa1232219b6c9a71eb156f0853da0ed1a63adcf147f3d9e71e8b0574e4f
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Origin
https://disqus.com
Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
788786
strict-transport-security
max-age=300; includeSubdomains
content-length
532
cf-request-id
09e5cb7e0b00004aa41204c000000001
timing-allow-origin
*
last-modified
Tue, 27 Apr 2021 21:01:55 GMT
server
cloudflare
etag
"60887bc3-214"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
cf-ray
64b648434ea74aa4-FRA
x-amz-cf-id
6bkoSRP2VPWUX0cqSoKVgn9xbdpiubZqOxzIJb-mAabp28I3ytUAwQ==
expires
Wed, 27 Apr 2022 21:13:50 GMT
common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js
c.disquscdn.com/next/embed/ Frame CDC8
282 KB
93 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.dfaa05f4d3af8a4fe09cfd70007bc5b2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33d9c56f2b1408711b9b963963790177ac4e7c38a5ecf0e3c12f558c676e294b
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
3900257
strict-transport-security
max-age=300; includeSubdomains
content-length
94786
cf-request-id
09e5cb7e19000005f99a858000000001
timing-allow-origin
*
last-modified
Tue, 09 Mar 2021 17:57:38 GMT
server
cloudflare
etag
"6047b712-17242"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA56-C2
accept-ranges
bytes
cf-ray
64b64843585505f9-FRA
x-amz-cf-id
iGbO1sC_L2SXajbXh3fns4o9OWy9yuPPlUqsvZKLIHAqbdlN6Dbhow==
expires
Wed, 09 Mar 2022 18:10:09 GMT
lounge.305cef62f65d619287ed5bfd8a11158b.css
c.disquscdn.com/next/embed/styles/ Frame CDC8
129 KB
23 KB
Stylesheet
General
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7d14b983e535139708c6526fcd9c46fb986f2a9e77fba33da4b811bab6dac9a
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
871132
strict-transport-security
max-age=300; includeSubdomains
content-length
23152
cf-request-id
09e5cb7e58000005f946095000000001
timing-allow-origin
*
last-modified
Mon, 26 Apr 2021 20:08:48 GMT
server
cloudflare
etag
"60871dd0-5a70"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
cf-ray
64b64843c92005f9-FRA
x-amz-cf-id
fW6uWADQtEZlK-wmDYqb2_bVoI8qEXXQIebuoRmRxeEbg1U5ih8CMg==
expires
Tue, 26 Apr 2022 22:21:32 GMT
lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js
c.disquscdn.com/next/embed/ Frame CDC8
456 KB
115 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a163fb094ea045758fdb0d81a16a8e8265adb94dcfc945e4235942250ab2e2a5
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
788787
strict-transport-security
max-age=300; includeSubdomains
content-length
117909
cf-request-id
09e5cb7e5d000005f956991000000001
timing-allow-origin
*
last-modified
Tue, 27 Apr 2021 21:01:56 GMT
server
cloudflare
etag
"60887bc4-1cc95"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
cf-ray
64b64843c93105f9-FRA
x-amz-cf-id
ETrZZQ2ejsaF6MhaKzELRpOlvmta1CRQ1i4wrUp7rQaahSvj9GaDiQ==
expires
Wed, 27 Apr 2022 21:13:50 GMT
config.js
disqus.com/next/ Frame CDC8
11 KB
12 KB
Script
General
Full URL
https://disqus.com/next/config.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d0627e883f59b06ada61af684c0636818d0e01f4c3fed677f83f974196b8316f
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 07 May 2021 00:20:24 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
55
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
11688
X-XSS-Protection
1; mode=block
details
disqus.com/api/3.0/forums/ Frame CDC8
3 KB
4 KB
XHR
General
Full URL
https://disqus.com/api/3.0/forums/details?forum=pentestblog&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ed6198299ea8edc79f99837a0768a8c96f36d759bc697fde1e115aae90fa4f32
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 07 May 2021 00:20:24 GMT
X-Content-Type-Options
nosniff
Server
nginx
Age
0
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection
keep-alive
Content-Type
application/json
Vary
Origin, Cookie
Content-Length
3533
X-XSS-Protection
1; mode=block
loadReactions
disqus.com/api/3.0/threadReactions/ Frame CDC8
85 B
530 B
XHR
General
Full URL
https://disqus.com/api/3.0/threadReactions/loadReactions?thread=6115200593&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
867bde5f1930963a16e7dac4c891142edaa529a4428bb3486165757b7c8ead08
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 07 May 2021 00:20:24 GMT
X-Content-Type-Options
nosniff
Server
nginx
Age
0
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cache-Control
stale-while-revalidate=30, max-age=60
Connection
keep-alive
Content-Type
application/json
Vary
Origin, Cookie
Content-Length
85
X-XSS-Protection
1; mode=block
noavatar92.png
a.disquscdn.com/1619042223/images/ Frame CDC8
2 KB
2 KB
Image
General
Full URL
https://a.disquscdn.com/1619042223/images/noavatar92.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:24 GMT
x-content-type-options
nosniff
last-modified
Fri, 26 Feb 2021 20:50:09 GMT
server
nginx
age
876495
etag
"60395f01-66c"
strict-transport-security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection
1; mode=block
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
content-type
image/png
content-length
1644
x-amz-cf-id
Tj3VRQxyQEgzMA4L2qLAP6EW9DAgOcCEIU2v0nhX33lV5MxxQe7gFw==
expires
Wed, 26 May 2021 20:52:08 GMT
truncated
/ Frame CDC8
37 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame CDC8
13 KB
13 KB
Image
General
Full URL
https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
3900256
strict-transport-security
max-age=300; includeSubdomains
content-length
13079
cf-request-id
09e5cb7f03000005f9a3a6d000000001
timing-allow-origin
*
last-modified
Wed, 03 Feb 2021 18:02:57 GMT
server
cloudflare
etag
"601ae551-3317"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml; charset=utf-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
cf-ray
64b64844daad05f9-FRA
x-amz-cf-id
u5aj5DP6QMZrJ6I7jx1Wc3d2qOMZ4C8kh8YfJv2eAUXws5l8rCpo3g==
expires
Sun, 06 Feb 2022 13:14:53 GMT
loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame CDC8
3 KB
3 KB
Image
General
Full URL
https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
3900256
strict-transport-security
max-age=300; includeSubdomains
content-length
2971
cf-request-id
09e5cb7f06000005f9b6b13000000001
timing-allow-origin
*
last-modified
Wed, 27 Jan 2021 17:23:07 GMT
server
cloudflare
etag
"6011a17b-b9b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
cf-ray
64b64844dac105f9-FRA
x-amz-cf-id
q5jgrStVZkIXwoeWl-0NV5kOTl3gUhXoFnG6duBoANQ7uCbV2CG0hw==
expires
Thu, 03 Feb 2022 04:58:07 GMT
sprite.654110a9206fd22f08cca0798e34a65e.png
c.disquscdn.com/next/embed/assets/img/ Frame CDC8
2 KB
2 KB
Image
General
Full URL
https://c.disquscdn.com/next/embed/assets/img/sprite.654110a9206fd22f08cca0798e34a65e.png
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cdba739c28b41f39ce438f2bf204fe739dc81a26cf559a9394ceed56a0666bee
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
3900256
strict-transport-security
max-age=300; includeSubdomains
content-length
1862
cf-request-id
09e5cb7f06000005f992a95000000001
timing-allow-origin
*
last-modified
Wed, 27 Jan 2021 17:23:07 GMT
server
cloudflare
etag
"6011a17b-746"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
cf-ray
64b64844dac605f9-FRA
x-amz-cf-id
fr8oqTiiJNjngbxxbbzdPubkItSDgWPvQgvsirNZje_qJPTOHh_w9Q==
expires
Sun, 30 Jan 2022 08:29:46 GMT
icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame CDC8
8 KB
8 KB
Font
General
Full URL
https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Origin
https://disqus.com
Referer
https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
3900273
strict-transport-security
max-age=300; includeSubdomains
content-length
7900
cf-request-id
09e5cb7f0700004aa48cb45000000001
timing-allow-origin
*
last-modified
Wed, 03 Feb 2021 18:02:57 GMT
server
cloudflare
etag
"601ae551-1edc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
cf-ray
64b64844d9854aa4-FRA
x-amz-cf-id
pXrMY0uP9Ph1D8CIsGtxF2iWkq2BDSl6Tqg81UamkNwx4ECC-LQcUA==
expires
Sun, 06 Feb 2022 07:54:37 GMT
noavatar92.png
a.disquscdn.com/1619042223/images/ Frame CDC8
2 KB
2 KB
Image
General
Full URL
https://a.disquscdn.com/1619042223/images/noavatar92.png
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:24 GMT
x-content-type-options
nosniff
last-modified
Fri, 26 Feb 2021 20:50:09 GMT
server
nginx
age
876495
etag
"60395f01-66c"
strict-transport-security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection
1; mode=block
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
content-type
image/png
content-length
1644
x-amz-cf-id
Tj3VRQxyQEgzMA4L2qLAP6EW9DAgOcCEIU2v0nhX33lV5MxxQe7gFw==
expires
Wed, 26 May 2021 20:52:08 GMT
sdk.js
connect.facebook.net/en_US/ Frame CDC8
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f008:8:face:b00c:0:1 Milan, Italy, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
50ab5233001d5492eb41952f7a0beef4743063579983b0a92a13edc1c9aad646
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
4DuEa7fpOqeE4FWDrpCh5w==
cross-origin-resource-policy
cross-origin
expires
Fri, 07 May 2021 00:31:04 GMT
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1780
x-fb-rlafr
0
x-fb-debug
D5xwomNCjgAHft1T30/LWty8+K12WUtzDoCX1lxHKZwp28DlyyzuFtswkt0b3M12THiOKuRZUCyhs1t7eJLUlw==
x-fb-trip-id
19638678
x-fb-content-md5
1d91ddc7acb7a015c919a0cb9002c329
date
Fri, 07 May 2021 00:20:24 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"f86c53527d6a49036e303c6e785ce1c9"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
api.js
apis.google.com/js/ Frame CDC8
12 KB
6 KB
Script
General
Full URL
https://apis.google.com/js/api.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a7ae12d06801f349cd30e7388bf801926c741a34c5c4c5e287fa1e3346e11613
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-qIa8YffeNCdk9D1PcyWrpw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
x-frame-options
SAMEORIGIN
etag
"cd5b87ba7f95c068005645409cce8845"
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-qIa8YffeNCdk9D1PcyWrpw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
expires
Fri, 07 May 2021 00:20:24 GMT
svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame CDC8
13 KB
13 KB
Image
General
Full URL
https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:24 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
3900256
strict-transport-security
max-age=300; includeSubdomains
content-length
13079
cf-request-id
09e5cb7fcc000005f970b86000000001
timing-allow-origin
*
last-modified
Wed, 03 Feb 2021 18:02:57 GMT
server
cloudflare
etag
"601ae551-3317"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml; charset=utf-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
cf-ray
64b648461cdb05f9-FRA
x-amz-cf-id
u5aj5DP6QMZrJ6I7jx1Wc3d2qOMZ4C8kh8YfJv2eAUXws5l8rCpo3g==
expires
Sun, 06 Feb 2022 13:14:53 GMT
noavatar92.png
a.disquscdn.com/1619042223/images/ Frame CDC8
2 KB
2 KB
Image
General
Full URL
https://a.disquscdn.com/1619042223/images/noavatar92.png
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:24 GMT
x-content-type-options
nosniff
last-modified
Fri, 26 Feb 2021 20:50:09 GMT
server
nginx
age
876495
etag
"60395f01-66c"
strict-transport-security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection
1; mode=block
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
content-type
image/png
content-length
1644
x-amz-cf-id
Tj3VRQxyQEgzMA4L2qLAP6EW9DAgOcCEIU2v0nhX33lV5MxxQe7gFw==
expires
Wed, 26 May 2021 20:52:08 GMT
sdk.js
connect.facebook.net/en_US/ Frame CDC8
211 KB
62 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=5a18157ec2780fc37a5ec59a2921a739&ua=modern_es6
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f008:8:face:b00c:0:1 Milan, Italy, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
169ba99b7e3f36363b46cb54fc94b49ac8ef2675598893f156f5d938d860ac6a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
https://disqus.com
Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
keDNhlURj33gYZFco03t5w==
cross-origin-resource-policy
cross-origin
expires
Fri, 06 May 2022 22:48:27 GMT
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
63664
x-fb-rlafr
0
x-fb-debug
S3GWyGxFRT4XqU5bRtUGTnwik3ylkKq6O8dWYV00cLvc5sZsuEevSX4r1Aq3fM+uLXoRRhuuFKn6nozh6DN/SA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
86e295305be04eff3b243ea8f767eb6d
date
Fri, 07 May 2021 00:20:24 GMT
x-frame-options
DENY
report-to
{"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"012d00bf08ac56da1688fe9321238943"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bSaSBnJo3mU.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOlScUDCc6laSimwcYo4nXUQAS-sQ/ Frame CDC8
103 KB
34 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bSaSBnJo3mU.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOlScUDCc6laSimwcYo4nXUQAS-sQ/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/api.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1f97c4a1e81f37dff31489b1920a0517aa63fb260f5d1f6fc4353a84b45eb585
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 19:12:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 27 Apr 2021 17:53:46 GMT
server
sffe
age
191253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34956
x-xss-protection
0
expires
Wed, 04 May 2022 19:12:51 GMT
noavatar92.png
a.disquscdn.com/1619042223/images/ Frame CDC8
2 KB
2 KB
Image
General
Full URL
https://a.disquscdn.com/1619042223/images/noavatar92.png
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:24 GMT
x-content-type-options
nosniff
last-modified
Fri, 26 Feb 2021 20:50:09 GMT
server
nginx
age
876496
etag
"60395f01-66c"
strict-transport-security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection
1; mode=block
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
content-type
image/png
content-length
1644
x-amz-cf-id
Tj3VRQxyQEgzMA4L2qLAP6EW9DAgOcCEIU2v0nhX33lV5MxxQe7gFw==
expires
Wed, 26 May 2021 20:52:08 GMT
iframe
accounts.google.com/o/oauth2/ Frame EE4F
513 B
553 B
Document
General
Full URL
https://accounts.google.com/o/oauth2/iframe
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bSaSBnJo3mU.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOlScUDCc6laSimwcYo4nXUQAS-sQ/cb=gapi.loaded_0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e80946891c45678b99fd0892f5847f60508c106528a471ce3ec90021d66cc7be
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-traZLGtMgoEseJcgh51rjA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
accounts.google.com
:scheme
https
:path
/o/oauth2/iframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
NID=215=VmpUsAPrrdDh6GUpXZfYig-4yHecuOlZ3LB6xzHDnPcMrmscHZC9gnY1O8hdOY7W_FgFdSH6xL3ZN0F8xQuH71hhxk6pVbuzDASmQQlWMrucq0RVNMTHCPqLxyxFS3TPB9fYmTudGAjYGEukHepQnPH8UQHrY0VtK4s7yQutyOI
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Fri, 07 May 2021 00:20:24 GMT
content-language
en-US
content-security-policy
script-src 'report-sample' 'nonce-traZLGtMgoEseJcgh51rjA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
noavatar92.png
a.disquscdn.com/1619042223/images/ Frame CDC8
2 KB
2 KB
Image
General
Full URL
https://a.disquscdn.com/1619042223/images/noavatar92.png
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:24 GMT
x-content-type-options
nosniff
last-modified
Fri, 26 Feb 2021 20:50:09 GMT
server
nginx
age
876496
etag
"60395f01-66c"
strict-transport-security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection
1; mode=block
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
content-type
image/png
content-length
1644
x-amz-cf-id
Tj3VRQxyQEgzMA4L2qLAP6EW9DAgOcCEIU2v0nhX33lV5MxxQe7gFw==
expires
Wed, 26 May 2021 20:52:08 GMT
status
www.facebook.com/x/oauth/ Frame CDC8
0
0
Fetch
General
Full URL
https://www.facebook.com/x/oauth/status?ancestor_origins=https%3A%2F%2Fpentest.blog&client_id=52254943976&input_token&origin=1&redirect_uri=https%3A%2F%2Fdisqus.com%2Fembed%2Fcomments%2F%3Fbase%3Ddefault%26f%3Dpentestblog%26t_i%3D454%2520https%253A%252F%252Fpentest.blog%252F%253Fp%253D454%26t_u%3Dhttps%253A%252F%252Fpentest.blog%252Fwindows-privilege-escalation-methods-for-pentesters%252F%26t_e%3DWindows%2520Privilege%2520Escalation%2520Methods%2520for%2520Pentesters%26t_d%3DWindows%2520Privilege%2520Escalation%2520Methods%2520for%2520Pentesters%26t_t%3DWindows%2520Privilege%2520Escalation%2520Methods%2520for%2520Pentesters%26s_o%3Ddefault%23version%3Ddfaa05f4d3af8a4fe09cfd70007bc5b2&sdk=joey&wants_cookie_data=false
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f108:83:face:b00c:0:25de Milan, Italy, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
x-content-type-options
nosniff
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
0
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
P9zOHYuUqk25weytts5PyQqUk4VkXHlxQxtiFtDBTbFoyra7W2E3YbQqa0urG2yYhaKYm1nlKp9m5sLmLl2Wdw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
fb-s
unknown
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 07 May 2021 00:20:25 GMT
report-to
{"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://disqus.com
access-control-expose-headers
fb-s
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
expires
Sat, 01 Jan 2000 00:00:00 GMT
2515317930-idpiframe.js
ssl.gstatic.com/accounts/o/ Frame EE4F
111 KB
39 KB
Script
General
Full URL
https://ssl.gstatic.com/accounts/o/2515317930-idpiframe.js
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce22830dd89ea4833c4764c2916dcb892de1dd05a604d0189f689d54cf751df6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 06 May 2021 07:22:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 30 Apr 2021 06:29:47 GMT
server
sffe
age
61072
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39130
x-xss-protection
0
expires
Fri, 06 May 2022 07:22:33 GMT
iframerpc
accounts.google.com/o/oauth2/ Frame EE4F
14 B
58 B
XHR
General
Full URL
https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fdisqus.com&client_id=508198334196-bgmagrg0a2rub674g0shidj8fnd50dji.apps.googleusercontent.com
Requested by
Host: ssl.gstatic.com
URL: https://ssl.gstatic.com/accounts/o/2515317930-idpiframe.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://accounts.google.com/o/oauth2/iframe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-Requested-With
XmlHttpRequest

Response headers

date
Fri, 07 May 2021 00:20:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
content-type
application/json; charset=utf-8
cache-control
public, max-age=3600
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Fri, 07 May 2021 01:20:25 GMT
noavatar92.png
a.disquscdn.com/1619042223/images/ Frame CDC8
2 KB
2 KB
Image
General
Full URL
https://a.disquscdn.com/1619042223/images/noavatar92.png
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 00:20:25 GMT
x-content-type-options
nosniff
last-modified
Fri, 26 Feb 2021 20:50:09 GMT
server
nginx
age
876496
etag
"60395f01-66c"
strict-transport-security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection
1; mode=block
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
content-type
image/png
content-length
1644
x-amz-cf-id
Tj3VRQxyQEgzMA4L2qLAP6EW9DAgOcCEIU2v0nhX33lV5MxxQe7gFw==
expires
Wed, 26 May 2021 20:52:08 GMT
event.gif
referrer.disqus.com/juggler/ Frame CDC8
43 B
295 B
Image
General
Full URL
https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.21&load_time=1194&event=init_embed&thread=6115200593&forum=pentestblog&forum_id=4765649&imp=8svin01n4klqn&prev_imp&thread_slug=windows_privilege_escalation_methods_for_pentesters&user_type=anon&referrer=https%3A%2F%2Fpentest.blog%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=false
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 07 May 2021 00:20:25 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block

Verdicts & Comments

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| onbeforexrselect
object| ontransitionrun
object| ontransitionstart
object| ontransitioncancel
object| cookieStore
function| showDirectoryPicker
function| showOpenFilePicker
function| showSaveFilePicker
boolean| originAgentCluster
object| trustedTypes
boolean| crossOriginIsolated
object| Eager
object| CloudflareApps
string| GoogleAnalyticsObject
function| ga
object| _wpemojiSettings
undefined| $
function| jQuery
function| SparklingIsMobile
function| generateMobileMenu
function| registerAsciinemaPlayerElement
function| JsMutationObserver
object| CustomElements
function| unwrap
function| wrap
object| React
function| createReactClass
object| ReactDOM
object| reagent
object| asciinema
function| gtag
object| dataLayer
object| countVars
string| disqus_shortname
object| embedVars
string| disqus_url
string| disqus_identifier
string| disqus_container_id
string| disqus_title
undefined| disqus_config_custom
function| disqus_config
object| addComment
object| EnlighterJS
function| EnlighterJSINIT
object| wp
object| google_tag_data
object| gaplugins
object| gaGlobal
object| gaData
object| twemoji
object| google_tag_manager
object| DISQUSWIDGETS
undefined| disqus_domain
object| DISQUS

5 Cookies

Domain/Path Name / Value
.pentest.blog/ Name: _gat_gtag_UA_88100923_1
Value: 1
.pentest.blog/ Name: _ga
Value: GA1.2.618968929.1620346824
.pentest.blog/ Name: _gat
Value: 1
.pentest.blog/ Name: _gid
Value: GA1.2.1239838043.1620346824
.pentest.blog/ Name: __cfduid
Value: d9f977574606a2534714c883371ae95c01620346822

1 Console Messages

Source Level URL
Text
console-api log URL: https://pentest.blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2(Line 2)
Message:
JQMIGRATE: Migrate is installed, version 3.3.2

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
