OSCP Notes

Windows Priv Esc

How to check which services are open on Windows

netstat -ab

USEFUL WINDOWS COMMANDS

whoami /priv
whoami /all
# SeImpersonatePrivilege > potato
# SeShutdownPrivilege > insecure file perm enum path
net config Workstation
systeminfo
net users
ipconfig /all
netstat -ano
schtasks /query /fo LIST /v
tasklist /SVC
net start
DRIVERQUERY
reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated
reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated
dir /s *pass* == *cred* == *vnc* == *.config*
findstr /si password *.xml *.ini *.txt
reg query HKLM /f password /t REG_SZ /s
reg query HKCU /f password /t REG_SZ /s
# Disable Windows Defender
sc stop WinDefend
# Bypass restriction
powershell -nop -ep bypass
# List hidden files
dir /a
# Find a file
dir /b/s "<FILE>"
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ReleaseId
ReleaseId REG_SZ 1803
# Check Exploit-DB for vulns