So you’ve got a shell back on a Windows system, but you have limited privileges. Here are some commands for gathering information that might assist in escalating privilege:

Query Windows for scheduled tasks:
schtasks /query /fo LIST /v

To view tasks manually, check these locations:
c:\windows\tasks
c:\windows\system32\tasks
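
For administrators reviewing the same output on their own hosts, this added example (not part of the original post) parses `schtasks /query /fo LIST /v` text and lists tasks that run under a privileged account from outside the Windows and Program Files directories, so their file permissions can be checked. The sample output is constructed, the field names are those of English-locale output, and the account and directory lists are assumptions to adapt.

```python
import re

# Constructed sample of `schtasks /query /fo LIST /v` output (English locale),
# trimmed to the fields used below. Not taken from a real host.
SAMPLE = r"""
Folder: \
HostName:                             WS01
TaskName:                             \NightlyBackup
Task To Run:                          C:\Tools\backup\run.bat
Run As User:                          SYSTEM

HostName:                             WS01
TaskName:                             \ReportSync
Task To Run:                          "C:\Program Files\Acme\sync.exe" /quiet
Run As User:                          WS01\alice

Folder: \Microsoft\Windows\Defrag
HostName:                             WS01
TaskName:                             \Microsoft\Windows\Defrag\ScheduledDefrag
Task To Run:                          %windir%\system32\defrag.exe -c -h -o
Run As User:                          SYSTEM
"""

# Assumed list of privileged accounts; extend for local naming conventions.
PRIVILEGED = {"system", "nt authority\\system", "administrator"}
# Assumed list of locations that standard users cannot normally modify.
PROTECTED = re.compile(r'^"?(%windir%|%systemroot%|c:\\windows|c:\\program files)', re.I)

def parse_tasks(text):
    """Split LIST output into one dict per task record (blank-line separated)."""
    tasks = []
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            # Split at the first colon only, so drive letters stay in the value.
            key, sep, value = line.partition(":")
            if sep and key.strip() != "Folder":
                fields[key.strip()] = value.strip()
        if "TaskName" in fields:
            tasks.append(fields)
    return tasks

def needs_review(tasks):
    """Privileged tasks whose command lives outside the protected directories."""
    return [t["TaskName"] for t in tasks
            if t.get("Run As User", "").lower() in PRIVILEGED
            and not PROTECTED.match(t.get("Task To Run", ""))]

if __name__ == "__main__":
    print(needs_review(parse_tasks(SAMPLE)))
```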

Find text files that contain the word password:
findstr /si password *.txt
(This searches the .txt files in the current directory and its subdirectories, case-insensitively, for lines containing the word “password”. You can also search *.xml or *.ini files.)

Search for files whose names suggest juicy content:
dir /s *pass* == *cred* == *vnc* == *.config*

Get the OS version (handy when searching for possible exploits):
ver

This list is by no means exhaustive. Please feel free to comment and add your own to this list.
