
Getting Windows info to help escalate privileges

So you’ve got a shell back onto a Windows system, but you have limited privileges. Here are some commands to try for gathering information that might assist in escalating privilege:

Query Windows for scheduled tasks:
schtasks /query /fo LIST /v

To manually view tasks check these locations:

Find strings that contain the word password:
findstr /si password *.txt
(This searches the .txt files in the current directory and its subdirectories for the string “password”, ignoring case; you can also search .xml or .ini files)

Search for files whose names suggest juicy content:
dir /s *pass* == *cred* == *vnc* == *.config*

Get the OS version (handy when searching for possible exploits):

This list is by no means exhaustive. Please feel free to comment and add your own to this list.
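On the defender's side, the commands above leave recognisable command lines in process-creation logs. The following is an added example, not part of the original post: it matches those three command lines in constructed log records and alerts when one account on one host runs two or more of them within five minutes. The record layout, rule names, hosts and users are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Rules for the three enumeration commands listed on this page. "dir" is a cmd.exe
# builtin, so it only appears in process logs when launched as "cmd.exe /c dir ...".
RULES = {
    "schtasks_verbose_query": re.compile(r"\bschtasks(\.exe)?\b.*\s/query\b.*\s/v\b", re.I),
    "findstr_password": re.compile(r"\bfindstr(\.exe)?\b.*\bpassword\b", re.I),
    "dir_credential_names": re.compile(r"\bdir\b.*\s/s\b.*\*(pass|cred|vnc)\*", re.I),
}

# Constructed sample records: (timestamp, host, user, command line).
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:05", "WS01", "svc_web", "schtasks /query /fo LIST /v"),
    ("2024-01-10T09:00:40", "WS01", "svc_web", "findstr /si password *.txt"),
    ("2024-01-10T09:01:10", "WS01", "svc_web", "cmd.exe /c dir /s *pass* == *cred* == *vnc* == *.config*"),
    ("2024-01-10T09:02:00", "WS02", "alice", "schtasks /query"),
    ("2024-01-10T11:30:00", "WS03", "bob", "findstr /i error build.log"),
]

def classify(cmdline):
    """Return the names of all rules that match one command line."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def detect_bursts(events, window=timedelta(minutes=5), threshold=2):
    """Alert when one (host, user) triggers >= threshold distinct rules inside the window."""
    hits = defaultdict(list)  # (host, user) -> [(time, rule name)]
    for ts, host, user, cmdline in events:
        for rule in classify(cmdline):
            hits[(host, user)].append((datetime.fromisoformat(ts), rule))
    alerts = []
    for (host, user), seen in hits.items():
        seen.sort()
        for start, _ in seen:
            rules = {r for t, r in seen if start <= t <= start + window}
            if len(rules) >= threshold:
                alerts.append((host, user, sorted(rules)))
                break  # one alert per account is enough
    return alerts

if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_EVENTS):
        print(alert)
```

A single match is common in normal administration; the burst condition is what separates a helpdesk lookup from systematic enumeration by a low-privileged or service account.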

