PEAS


*Evil-WinRM* PS C:\tmp> upload winPEASx64.exe C:\tmp\
 
Info: Uploading /home/kali/archive/htb/labs/cerberus/winPEASx64.exe to C:\tmp\
Data: 2624852 bytes of 2624852 bytes copied
Info: Upload successful!

Delivery complete

Executing PEAS

LAPS


LSA Protection


Credentials Guard


Cached Creds


AV


No AV

UAC


PowerShell


KrbRelayUp


NTLM


User Privileges (matthew)


AutoLogon


*Evil-WinRM* PS C:\tmp> cmd /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon"
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon
    AutoRestartShell    REG_DWORD    0x1
    Background    REG_SZ    0 0 0
    CachedLogonsCount    REG_SZ    10
    DebugServerCommand    REG_SZ    no
    DefaultDomainName    REG_SZ    CERBERUS
    DefaultUserName    REG_SZ
    DisableBackButton    REG_DWORD    0x1
    EnableSIHostIntegration    REG_DWORD    0x1
    ForceUnlockLogon    REG_DWORD    0x0
    LegalNoticeCaption    REG_SZ
    LegalNoticeText    REG_SZ
    PasswordExpiryWarning    REG_DWORD    0x5
    PowerdownAfterShutdown    REG_SZ    0
    PreCreateKnownFolders    REG_SZ    {A520A1A4-1780-4FF6-BD18-167343C5AF16}
    ReportBootOk    REG_SZ    1
    Shell    REG_SZ    explorer.exe
    ShellCritical    REG_DWORD    0x0
    ShellInfrastructure    REG_SZ    sihost.exe
    SiHostCritical    REG_DWORD    0x0
    SiHostReadyTimeOut    REG_DWORD    0x0
    SiHostRestartCountLimit    REG_DWORD    0x0
    SiHostRestartTimeGap    REG_DWORD    0x0
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
    VMApplet    REG_SZ    SystemPropertiesPerformance.exe /pagefile
    WinStationsDisabled    REG_SZ    0
    scremoveoption    REG_SZ    0
    DisableCAD    REG_DWORD    0x1
    LastLogOffEndTimePerfCounter    REG_QWORD    0xa1bb868e
    ShutdownFlags    REG_DWORD    0x8000022b
    ShellAppRuntime    REG_SZ    ShellAppRuntime.exe
    DisableLockWorkstation    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon\AlternateShells
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon\GPExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon\UserDefaults
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon\AutoLogonChecked
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon\VolatileUserMgrKey
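The AutoLogon check above is done by eye: look for AutoAdminLogon, DefaultUserName and a DefaultPassword value under Winlogon. The following is an added example (not code from the writeup or from winPEAS) that parses the text format `reg query` prints, as shown above, and reports whether a host stores auto-logon credentials, so the same check can be run over dumps collected from many machines without touching the registry API. Both sample dumps are constructed for the example; the first mirrors the values seen on this host. The caveat worth knowing on the defensive side is also encoded: AutoAdminLogon can be on while the password lives in the LSA secret named DefaultPassword rather than in this key, so an empty registry value does not by itself mean no stored password.

```python
"""Audit `reg query` output of the Winlogon key for stored auto-logon credentials.

Added example for this writeup, not code from the original page or from
winPEAS. It parses the text that `reg query` prints so the check can run
offline over dumps gathered from many hosts. Both sample dumps are constructed;
SAMPLE_CLEAN mirrors the values seen in the writeup, SAMPLE_EXPOSED is made up.
"""
import re
from typing import Dict, List, Optional, Tuple

# One value line: "    Name    REG_TYPE    data". Value names are read as a
# single token, which holds for every value under Winlogon.
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)(?:\s+(.*?))?\s*$")

RegValues = Dict[str, Tuple[str, str]]  # value name -> (reg type, data)


def parse_reg_query(text: str) -> Dict[str, RegValues]:
    """Return {key_path: {value_name: (reg_type, data)}} for one reg query dump."""
    keys: Dict[str, RegValues] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HKEY_"):  # key header; sub-key listing lines look the same
            current = line.strip()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, rtype, data = m.group(1), m.group(2), m.group(3) or ""
            keys[current][name] = (rtype, data)
    return keys


def assess_winlogon(values: RegValues) -> Dict[str, object]:
    """Judge one Winlogon key for auto-logon exposure; findings never echo the password."""
    def data(name: str) -> str:
        return values.get(name, ("", ""))[1].strip()

    enabled = data("AutoAdminLogon") in ("1", "0x1")  # REG_SZ "1" or REG_DWORD 0x1
    plaintext = data("DefaultPassword") != ""
    account = f"{data('DefaultDomainName')}\\{data('DefaultUserName')}"
    cached = data("CachedLogonsCount")
    findings: List[str] = []
    if enabled and plaintext:
        findings.append(f"AutoAdminLogon on with plaintext DefaultPassword for {account}")
    elif enabled:
        findings.append(f"AutoAdminLogon on for {account}; password is likely in the "
                        "LSA secret DefaultPassword rather than this key")
    elif plaintext:
        findings.append(f"DefaultPassword still set for {account} although AutoAdminLogon is off")
    return {
        "autologon_enabled": enabled,
        "password_in_registry": plaintext,
        "cached_logons": int(cached) if cached.isdigit() else None,
        "findings": findings,
    }


def audit_winlogon_dump(text: str) -> Dict[str, object]:
    """Locate the Winlogon key in a reg query dump and assess it."""
    for path, values in parse_reg_query(text).items():
        if path.lower().endswith("\\winlogon"):
            return assess_winlogon(values)
    raise ValueError("no Winlogon key in dump")


# Constructed dump mirroring the writeup's output (trimmed to the relevant values).
SAMPLE_CLEAN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon
    AutoRestartShell    REG_DWORD    0x1
    Background    REG_SZ    0 0 0
    CachedLogonsCount    REG_SZ    10
    DefaultDomainName    REG_SZ    CERBERUS
    DefaultUserName    REG_SZ
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon\AlternateShells
"""

# Constructed dump of a host that does store an auto-logon password (hypothetical values).
SAMPLE_EXPOSED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    AutoAdminLogon    REG_SZ    1
    CachedLogonsCount    REG_SZ    10
    DefaultDomainName    REG_SZ    CORP
    DefaultUserName    REG_SZ    kiosk
    DefaultPassword    REG_SZ    Winter2024!
"""

if __name__ == "__main__":
    for label, dump in (("clean", SAMPLE_CLEAN), ("exposed", SAMPLE_EXPOSED)):
        print(label, audit_winlogon_dump(dump))
```

Feed it the raw text of `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"` from each host; the "clean" result for this box reports no findings and CachedLogonsCount 10, which is the default and the reason winPEAS flags cached credentials.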

Installed Programs


Google?

*Evil-WinRM* PS C:\> dir "C:\Program Files (x86)"
    Directory: C:\Program Files (x86)
 
Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        9/15/2018  12:28 AM                Common Files
d-----        1/17/2024  10:14 AM                Google
d-----         9/7/2022   4:34 AM                Internet Explorer
d-----        1/29/2023  11:12 AM                ManageEngine
d-----        9/15/2018  12:19 AM                Microsoft.NET
d-----        8/24/2021   7:47 AM                Windows Defender
d-----        8/24/2021   7:47 AM                Windows Mail
d-----         9/7/2022   4:34 AM                Windows Media Player
d-----        9/15/2018  12:19 AM                Windows Multimedia Platform
d-----        9/15/2018  12:28 AM                Windows NT
d-----        8/24/2021   7:47 AM                Windows Photo Viewer
d-----        9/15/2018  12:19 AM                Windows Portable Devices
d-----        9/15/2018  12:19 AM                WindowsPowerShell

Google and ManageEngine stand out among the installed programs.

Active Ports


Listening processes include Microsoft.IdentityServer.ServiceHost (the AD FS service) and java.

FW


adPEAS


*Evil-WinRM* PS C:\tmp> upload adPEAS.ps1 C:\tmp\
 
Info: Uploading /home/kali/archive/htb/labs/cerberus/adPEAS.ps1 to C:\tmp\
Data: 4159704 bytes of 4159704 bytes copied
Info: Upload successful!

Delivery complete

Executing adPEAS

Domain


ms-DS-MachineAccountQuota


ADCS


WebServerAD


CA-Users


EFS


WebServer


Machine


User


SubCA


gMSA


adfs_svc$


Domain Group Membership (matthew)


SharpHound


SharpHound did run and produced cerberus.local_20240117101133_BloodHound.zip.