System Details

The following commands can be used for enumerating various information about the Operating System that can in turn be used for further exploiting or elevating privileges.

Hostname

The following command can provide a hint as to whether the system is a web server, a database server or a domain controller.

hostname
Operating System Version & Architecture
systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System Type"
Running Processes & Services
tasklist /SVC
Firewall Status and Rules
netsh advfirewall show currentprofile
netsh advfirewall firewall show rule name=all
Scheduled Tasks
schtasks /query /fo LIST /v
Network Details

It's important to note the different NICs, their IP addresses and the various network settings that are configured on the system.

Installed Applications and Patch Levels
Readable/Writable Files and Directories
Unmounted Disks
Device Drivers & Kernel Modules
Binaries that Autoelevate

There is a registry setting "AlwaysInstallElevated" which can allow the current user to run Windows Installer packages with elevated privileges. In order to exploit this vulnerability, the HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE hive should have this key enabled.

If the setting is enabled, then an MSI can be designed and run to elevate our privileges.
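The following PowerShell function is an added example, not code from the original page: it audits the AlwaysInstallElevated policy value in both hives and reports whether the misconfiguration is present, so an administrator (or an assessor writing up a finding) can confirm the state and the remediation in one step. Windows Installer only honours the policy when the value is 1 under both HKLM and HKCU, so the function flags the setting as exploitable only when both are set. The function name is the author's choice; the registry path is the documented policy location.

```powershell
# Added example (not from the original page): audit the AlwaysInstallElevated policy.
# Windows Installer applies the policy only if the value is 1 in BOTH hives,
# so both HKLM and HKCU are read and the result is reported per hive.
function Test-AlwaysInstallElevated {
    $subKey = 'SOFTWARE\Policies\Microsoft\Windows\Installer'
    $values = [ordered]@{}

    foreach ($hive in 'HKLM', 'HKCU') {
        $path  = "${hive}:\$subKey"
        $value = $null
        if (Test-Path -Path $path) {
            # -ErrorAction SilentlyContinue: the key may exist without the value being set
            $value = (Get-ItemProperty -Path $path -Name 'AlwaysInstallElevated' `
                        -ErrorAction SilentlyContinue).AlwaysInstallElevated
        }
        $values[$hive] = $value
    }

    # Both per-machine and per-user policy must be 1 for an MSI to install elevated
    $exploitable = ($values['HKLM'] -eq 1) -and ($values['HKCU'] -eq 1)

    $remediation = if ($exploitable) {
        'Set AlwaysInstallElevated to 0 (or remove it) in both hives, e.g. through the ' +
        '"Always install with elevated privileges" Group Policy setting, and review ' +
        'MsiInstaller events in the Application log for unexpected installs.'
    } else {
        'No action required.'
    }

    [pscustomobject]@{
        HKLM_AlwaysInstallElevated = $values['HKLM']
        HKCU_AlwaysInstallElevated = $values['HKCU']
        Exploitable                = $exploitable
        Remediation                = $remediation
    }
}

# Usage: prints the per-hive values, the verdict and the remediation text
Test-AlwaysInstallElevated | Format-List
```

Because the function returns an object rather than printing text, the result can be piped to Export-Csv or Export-Clixml when the check is run across many hosts as part of a baseline audit.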
