Checklist (Priv Esc)

some priv esc techniques

msfconsole

use post/multi/recon/local_exploit_suggester

set SESSION <num> #you need a shell/session on the box first (ofc).

exploit suggester

https://github.com/AonCyberLabs/Windows-Exploit-Suggester

  • note the above script might not work, since development was stopped

  • don't rely on it much.

UACme

https://github.com/hfiref0x/UACME

======================

post exploitation

  • get sys info

systeminfo

  • installed hotfixes (custom info)

wmic qfe get Caption,Description,HotFixID,InstalledOn

  • cat eula.txt

type C:\Windows\System32\eula.txt

  • check other users

msfconsole

use post/windows/gather/enum_logged_on_users

  • get user details

net user <username>

  • list the members of a group

net localgroup administrators
#net localgroup <group_name>
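
Defender's view of the enumeration commands above, as an added example (not part of the original notes): flag a host/user that runs several distinct commands from this checklist within a short window. The event tuple layout, the 5-minute window and the threshold of 3 are assumptions; the command lines would come from process-creation logging (e.g. Security event 4688 or Sysmon event 1).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Patterns for the enumeration commands listed in this checklist.
RECON_PATTERNS = {
    "systeminfo": re.compile(r"\bsysteminfo(\.exe)?\b", re.I),
    "wmic qfe": re.compile(r"\bwmic(\.exe)?\b.*\bqfe\b", re.I),
    "net user": re.compile(r"\bnet1?(\.exe)?\s+user\b", re.I),
    "net localgroup": re.compile(r"\bnet1?(\.exe)?\s+localgroup\b", re.I),
}
# Constructed sample events: (ISO timestamp, host, user, command line).
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:00", "WS01", "alice", "C:\\Windows\\System32\\systeminfo.exe"),
    ("2024-05-01T10:00:40", "WS01", "alice", "wmic qfe get Caption,Description,HotFixID,InstalledOn"),
    ("2024-05-01T10:01:10", "WS01", "alice", "net user bob"),
    ("2024-05-01T10:01:30", "WS01", "alice", "net localgroup administrators"),
    ("2024-05-01T09:00:00", "WS02", "helpdesk", "systeminfo"),
    ("2024-05-01T11:30:00", "WS02", "helpdesk", "net user carol"),
]

def classify(cmdline):
    """Return the checklist command a command line matches, or None."""
    for name, pattern in RECON_PATTERNS.items():
        if pattern.search(cmdline):
            return name
    return None

def detect_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Alert when one host/user runs >= threshold distinct recon commands
    inside the window. Returns (host, user, first_seen, commands) tuples."""
    recent = defaultdict(deque)  # (host, user) -> deque of (time, command)
    alerts = []
    for ts_str, host, user, cmdline in sorted(events, key=lambda e: e[0]):
        name = classify(cmdline)
        if name is None:
            continue
        ts = datetime.fromisoformat(ts_str)
        q = recent[(host, user)]
        q.append((ts, name))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        distinct = sorted({n for _, n in q})
        if len(distinct) >= threshold:
            alerts.append((host, user, q[0][0].isoformat(), distinct))
            q.clear()  # start a fresh window after alerting
    return alerts

if __name__ == "__main__":
    print(detect_bursts(SAMPLE_EVENTS))
```

Tune the window and threshold against admin and helpdesk baselines before alerting on it; a single systeminfo or net user on its own is routine.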
