Related Windows Command

Windows Privesc Check

User

whoami
whoami /groups

Low Hanging Passwords

Dump all files list:

dir /b /a /s c:\ > cdirs.txt

Find all entries related to password:

type cdirs.txt | findstr /i passw

Note the language that the host owner! You may use different languages of password.

Also, remember to enumerate other drives as well! To check network shares:

net use

Interesting Files

install, backup, .bak, .log, .bat, .cmd, .vbs, .cnf, .conf, .config, .ini, .xml, .txt, .gpg, .pgp, .p12, .der, .csr, .cer, id_rsa, id_dsa, .ovpn, vnc, ftp, ssh, vpn, git, .kdbx, .db

• unattend.xml

• Unattended.xml

• sysprep.inf

• sysprep.xml

• VARIABLES.DAT

• setupinfo

• setupinfo.bak

• web.conf

• SiteList.xml

• .aws\credentials

• .azure\accessTokens.json

• .azure\azureProfile.json

• gcloud\credentials.db

• gcloud\legacy_credentials

• gcloud\access_tokens.db

Example:

type cdirs.txt | findstr /i unattend.xml
type <path_to_file> | findstr /i passw