PEAS


After manual enumeration, I decided to run PEAS to make sure that I didn’t miss anything.

  [?] windows vulns search powered by watson(https://github.com/rasta-mouse/Watson)
 [*] os version: 1703 (15063)
 [*] Enumerating installed KBs...
 [!] cve-2019-0836 : VULNERABLE
  [>] https://exploit-db.com/exploits/46718
  [>] https://decoder.cloud/2019/04/29/combinig-luafv-postluafvpostreadwrite-race-condition-pe-with-diaghub-collector-exploit-from-standard-user-to-system/
 
 [!] cve-2019-0841 : VULNERABLE
  [>] https://github.com/rogue-kdc/CVE-2019-0841
  [>] https://rastamouse.me/tags/cve-2019-0841/
 
 [!] cve-2019-1064 : VULNERABLE
  [>] https://www.rythmstick.net/posts/cve-2019-1064/
 
 [!] cve-2019-1130 : VULNERABLE
  [>] https://github.com/S3cur3Th1sSh1t/SharpByeBear
 
 [!] cve-2019-1253 : VULNERABLE
  [>] https://github.com/padovah4ck/CVE-2019-1253
  [>] https://github.com/sgabe/CVE-2019-1253
 
 [!] cve-2019-1315 : VULNERABLE
  [>] https://offsec.almond.consulting/windows-error-reporting-arbitrary-file-move-eop.html
 
 [*] Finished. Found 6 potential vulnerabilities.

The embedded Watson module flagged a total of 6 potential vulnerabilities.

UAC

Installed .NET

NetNTLMv2 hash for the current user. I also got it through SMB.

This is the IIS (Internet Information Services) configuration for an application pool, specifically the “DefaultAppPool” app pool. The password attribute is encrypted with IISCngProvider, a provider IIS uses to protect sensitive information in its configuration files. The stored value is ciphertext that can be decrypted with the appropriate key to reveal the original password.
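An added example, not part of the original write-up: a small audit that lists which application pools in an applicationHost.config carry a stored password, which provider protects it, and whether any value is stored without encryption. The sample configuration, account names and the function name `audit_app_pools` are constructed for illustration; the `[enc:Provider:blob:enc]` attribute layout is the assumed format of a protected value.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the structure follows applicationHost.config,
# every name and value is a placeholder.
SAMPLE_CONFIG = """<configuration>
  <system.applicationHost>
    <applicationPools>
      <add name="DefaultAppPool">
        <processModel identityType="SpecificUser" userName="EXAMPLE\\svc_web"
                      password="[enc:IISCngProvider:Q09OU1RSVUNURUQ=:enc]" />
      </add>
      <add name="StaticSite">
        <processModel identityType="ApplicationPoolIdentity" />
      </add>
      <add name="LegacyPool">
        <processModel identityType="SpecificUser" userName="EXAMPLE\\svc_old"
                      password="PlaceholderCleartext" />
      </add>
    </applicationPools>
  </system.applicationHost>
</configuration>"""

# Assumed layout of a protected attribute: [enc:<provider>:<base64 blob>:enc]
ENC_RE = re.compile(r"^\[enc:(?P<provider>[^:]+):(?P<blob>[^:]*):enc\]$")


def audit_app_pools(xml_text):
    """Return one finding per app pool that stores a password attribute."""
    findings = []
    root = ET.fromstring(xml_text)
    for pools in root.iter("applicationPools"):
        for pool in pools.findall("add"):
            pm = pool.find("processModel")
            if pm is None or "password" not in pm.attrib:
                continue  # built-in identities store no credential
            match = ENC_RE.match(pm.get("password"))
            findings.append({
                "pool": pool.get("name"),
                "user": pm.get("userName"),
                "provider": match.group("provider") if match else None,
                "status": "encrypted" if match else "cleartext",
            })
    return findings


if __name__ == "__main__":
    for finding in audit_app_pools(SAMPLE_CONFIG):
        print(finding)
```

Every pool this reports is a stored credential to review, since the encrypted form is recoverable with the provider's key on that host.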