THE CU
  • Home
  • Blogs
  • Offense
    • Pen Tester Training Program
    • Offensive Cheat Sheets >
      • Bash Commands
      • Network Enumeration
      • Web Enumeration
      • Windows Post Ex
      • Metasploit
      • Shells
      • PowerShell
    • Offensive Links
  • Defense
    • Junior SOC Analyst Roadmap
    • Intermediate SOC Analyst Training Program
    • Defense Links
    • RDP Analysis
  • Land A Job
    • Entry-Level InfoSec Jobs
    • Improve Resume
    • Find a Job
    • Interview Prep
    • Grow as a Practitioner
    • Get Experience
  • FAQS
  • Other
    • Certifications
    • Finance, Travel, and Mental HealthBooks
    • Finance Resources
    • Infosec Conferences
    • CTFs
    • Cyber Ranges
    • Twitter People to Follow
    • Podcasts
    • Books
    • Twitch Streamers

Windows Post Exploitation
Cheat Sheet

Command-Line

Get Username
whoami /all

echo %username%
net user %username%

Get Hostname
hostname

Get OS Info
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Get Interface Info
ipconfig /all

Display password policy, logon limitations, and domain information
net accounts

List users in local “administrators” group
net localgroup administrators

List Shared Resources
net share

Print Path
echo %path%

Startup and Services

View Scheduled Tasks
schtasks /query /fo LIST /v

View running processes and the services hosted in each
tasklist /SVC

View started services
net start

Priv Esc Tricks

AlwaysInstallElevated Key
Description: If the query returns an error, the key doesn't exist. If it does exist, see the AlwaysInstallElevated Key priv esc. Run both queries, because both keys need to be present.
Commands:
reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated
reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated
Unquoted Service Paths
Description: If results are returned, see the Priv Esc Guide for Unquoted Service Paths (link below).
Link: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Command:
wmic service get name,displayname,pathname,startmode |findstr /i "Auto" |findstr /i /v "C:\Windows\\" |findstr /i /v """
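The two checks above (AlwaysInstallElevated and unquoted service paths) are also the ones a defender should run on a host to confirm it is not misconfigured. The following PowerShell script is an added example written for this cheat sheet, not code from the original page: it reproduces both checks read-only, applies the same criteria as the reg query and wmic one-liners, and prints the remediation for anything it finds. The function names are hypothetical and the GPO path and sc.exe remediation hints are standard Windows administration, not from the page.

```powershell
# Added read-only audit example (not part of the original cheat sheet).
# Checks the two AlwaysInstallElevated values and enumerates auto-start
# services with unquoted ImagePaths, then reports the fix for each finding.

function Test-AlwaysInstallElevated {
    # Same two keys the cheat sheet queries with reg.exe.
    $keys = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer',
        'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Installer'
    )
    $details = foreach ($k in $keys) {
        $value = $null
        if (Test-Path $k) {
            # Missing value -> $null (the "error" case in the cheat sheet description)
            $value = (Get-ItemProperty -Path $k -Name 'AlwaysInstallElevated' `
                      -ErrorAction SilentlyContinue).AlwaysInstallElevated
        }
        [pscustomobject]@{ Hive = $k.Split(':')[0]; Value = $value }
    }
    # The policy only takes effect when BOTH values are present and set to 1.
    $exposed = @($details | Where-Object { $_.Value -eq 1 }).Count -eq 2
    [pscustomobject]@{ Exposed = $exposed; Details = $details }
}

function Get-UnquotedServicePath {
    # Mirrors the wmic filter chain: StartMode Auto, not under C:\Windows,
    # no double quote anywhere in the path, and the path contains a space.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object {
            $_.StartMode -eq 'Auto' -and
            $_.PathName -and
            $_.PathName -notmatch '"' -and
            $_.PathName -notlike 'C:\Windows\*' -and
            $_.PathName -match '\s'
        } |
        Select-Object Name, DisplayName, PathName, StartMode
}

function Invoke-PrivEscConfigAudit {
    $aie = Test-AlwaysInstallElevated
    if ($aie.Exposed) {
        Write-Output 'AlwaysInstallElevated: both HKLM and HKCU values are 1 (misconfigured).'
        Write-Output '  Fix: disable "Always install with elevated privileges" under'
        Write-Output '  Administrative Templates > Windows Components > Windows Installer'
        Write-Output '  in both Computer and User Configuration, or set both values to 0.'
    } else {
        Write-Output 'AlwaysInstallElevated: not enabled (one or both values missing or 0).'
    }
    $aie.Details | Format-Table -AutoSize

    $unquoted = @(Get-UnquotedServicePath)
    if ($unquoted.Count -gt 0) {
        Write-Output "Unquoted auto-start service paths: $($unquoted.Count) found."
        $unquoted | Format-Table -AutoSize
        Write-Output '  Fix: wrap the executable path in double quotes (sc.exe config <Name> binPath= ...)'
        Write-Output '  and verify that standard users cannot write to the parent directories.'
    } else {
        Write-Output 'Unquoted auto-start service paths: none found.'
    }
}

Invoke-PrivEscConfigAudit
```

Run it from an elevated PowerShell prompt on the host being reviewed; the service check queries Win32_Service the same way the wmic one-liner does, so the two should list the same services, while the registry check reports each hive separately so a single-key finding (which the text notes is not enough on its own) is visible.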