Related Windows Command

Windows Privesc Check

User

whoami
whoami /groups

Low Hanging Passwords

Dump a list of all files:

dir /b /a /s c:\ > cdirs.txt

Find all entries related to passwords:

type cdirs.txt | findstr /i passw

Note the language the host owner uses! The word for "password" may be written in a different language.

Also, remember to enumerate other drives as well! To check network shares:

net use

Interesting Files

install, backup, .bak, .log, .bat, .cmd, .vbs, .cnf, .conf, .config, .ini, .xml, .txt, .gpg, .pgp, .p12, .der, .csr, .cer, id_rsa, id_dsa, .ovpn, vnc, ftp, ssh, vpn, git, .kdbx, .db

  • unattend.xml

  • Unattended.xml

  • sysprep.inf

  • sysprep.xml

  • VARIABLES.DAT

  • setupinfo

  • setupinfo.bak

  • web.conf

  • SiteList.xml

  • .aws\credentials

  • .azure\accessTokens.json

  • .azure\azureProfile.json

  • gcloud\credentials.db

  • gcloud\legacy_credentials

  • gcloud\access_tokens.db

Example:

type cdirs.txt | findstr /i unattend.xml
type <path_to_file> | findstr /i passw
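The same lookup done in one pass over the whole listing, as an added example that is not part of the original page: it matches each line of cdirs.txt against the file names listed above, so leftover answer files and cloud CLI credential stores can be located and cleaned up. The function name, category labels and sample paths are constructed for illustration.

```python
import ntpath

# File names from the "Interesting Files" list, lowercased for matching.
EXACT_NAMES = {
    "unattend.xml", "unattended.xml", "sysprep.inf", "sysprep.xml",
    "variables.dat", "setupinfo", "setupinfo.bak", "web.conf", "sitelist.xml",
}
# Entries the list gives as directory\name pairs (cloud CLI credential stores).
PATH_TAILS = (
    r".aws\credentials", r".azure\accesstokens.json", r".azure\azureprofile.json",
    r"gcloud\credentials.db", r"gcloud\legacy_credentials", r"gcloud\access_tokens.db",
)

def triage(listing_lines):
    """Group paths from a `dir /b /a /s` listing by the kind of match."""
    findings = {"named file": [], "cloud credential store": []}
    for raw in listing_lines:
        path = raw.strip()
        if not path:
            continue
        # Windows paths are case-insensitive; normalise separators as well.
        lowered = path.lower().replace("/", "\\")
        if ntpath.basename(lowered) in EXACT_NAMES:
            findings["named file"].append(path)
        # Match the store itself or anything listed beneath it.
        elif any(lowered.endswith("\\" + tail) or "\\" + tail + "\\" in lowered
                 for tail in PATH_TAILS):
            findings["cloud credential store"].append(path)
    return findings

# Constructed sample listing (hypothetical paths, not from a real host).
SAMPLE_LISTING = r"""
C:\Windows\Panther\Unattend.xml
C:\Users\alice\.aws\credentials
C:\Users\alice\AppData\Roaming\gcloud\legacy_credentials\alice@example.com\adc.json
C:\Users\alice\Documents\notes.txt
C:\ProgramData\Example\SiteList.xml
C:\Users\alice\Desktop\credentials
""".splitlines()

if __name__ == "__main__":
    for kind, paths in triage(SAMPLE_LISTING).items():
        for p in paths:
            print(f"{kind}: {p}")
```

A bare file named `credentials` outside an `.aws` directory is not reported, because the cloud entries are matched as directory\name pairs rather than by file name alone.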
