Windows Priv Esc

 
How to check what service is open on windows
 netstat -ab  
USEFUL WINDOWS COMMANDS
​
whoami /priv
whoami /all 
​
SEImpersonatePrivilege > potato
SeShutdownPrivilege > insecure file perm enum path
net config Workstation
systeminfo
net users
​
ipconfig /all
netstat -ano
​
schtasks /query /fo LIST /v
tasklist /SVC
net start
DRIVERQUERY
​
reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated
reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated
​
dir /s pass == cred == vnc == .config
findstr /si password *.xml *.ini *.txt
reg query HKLM /f password /t REG_SZ /s
reg query HKCU /f password /t REG_SZ /s
​
# Disable windows defender
sc stop WinDefend
​
# Bypass restriction
powershell -nop -ep bypass
​
# List hidden files
dir /a
​
# Find a file
dir /b/s "<FILE>"
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ReleaseId
ReleaseId    REG_SZ    1803
​
check the exploitdb for vulns

Antivirus Evasion

Basic Windows Priv Esc

Last modified 10mo ago