Enumerating as the iis apppool\web user
Continuing Post Enumeration
System/Kernel
windows\system32\inetsrv> systeminfo
host name: DEVEL
os name: Microsoft Windows 7 Enterprise
os version: 6.1.7600 N/A Build 7600
os manufacturer: Microsoft Corporation
os configuration: Standalone Workstation
os build type: Multiprocessor Free
registered owner: babis
registered organization:
product id: 55041-051-0948536-86302
original install date: 17/3/2017, 4:17:31 ??
system boot time: 13/10/2022, 6:55:11 ??
system manufacturer: VMware, Inc.
system model: VMware Virtual Platform
system type: X86-based PC
processor(s): 1 Processor(s) Installed.
[01]: x64 Family 23 Model 49 Stepping 0 AuthenticAMD ~2994 Mhz
bios version: Phoenix Technologies LTD 6.00, 12/12/2018
windows directory: C:\Windows
system directory: C:\Windows\system32
boot device: \Device\HarddiskVolume1
system locale: el;Greek
input locale: en-us;English (United States)
time zone: (UTC+02:00) Athens, Bucharest, Istanbul
total physical memory: 3.071 MB
available physical memory: 2.407 MB
virtual memory: Max Size: 6.141 MB
virtual memory: Available: 5.479 MB
virtual memory: In Use: 662 MB
page file location(s): C:\pagefile.sys
domain: HTB
logon server: N/A
hotfix(s): N/A
network card(s): 1 NIC(s) Installed.
[01]: vmxnet3 Ethernet Adapter
connection name: Local Area Connection 3
dhcp enabled: No
IP address(es)
[01]: 10.10.10.5
[02]: fe80::58c0:f1cf:abc6:bb9e
[03]: dead:beef::f0f1:9762:4671:f948
[04]: dead:beef::58c0:f1cf:abc6:bb9eMicrosoft Windows 7 Enterprise 6.1.7600 N/A Build 7600
X86-based PC
Networks
PS C:\windows\system32\inetsrv> netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 1368
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 680
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 372
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 756
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 848
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 472
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 488
TCP 10.10.10.5:80 10.10.14.7:51670 ESTABLISHED 4
TCP 10.10.10.5:139 0.0.0.0:0 LISTENING 4
TCP 10.10.10.5:49176 10.10.14.7:9999 ESTABLISHED 1448
UDP 0.0.0.0:123 *:* 960
UDP 0.0.0.0:3702 *:* 1336
UDP 0.0.0.0:3702 *:* 1336
UDP 0.0.0.0:5355 *:* 1044
UDP 0.0.0.0:55795 *:* 1336
UDP 10.10.10.5:137 *:* 4
UDP 10.10.10.5:138 *:* 4
UDP 10.10.10.5:1900 *:* 1336
UDP 127.0.0.1:1900 *:* 1336
UDP 127.0.0.1:51646 *:* 1336Users & Groups
ps c:\windows\system32\inetsrv> net user
User accounts for \\
-------------------------------------------------------------------------------
Administrator babis Guest
The command completed with one or more errors.babis
ps c:\windows\system32\inetsrv> net localgroup
ps c:\windows\system32\inetsrv>
A specified logon session does not exist. It may already have been terminated.Processes
PS C:\windows\system32\inetsrv> ps
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
26 2 1780 2000 16 0,02 3048 cmd
33 2 548 2204 21 0,00 2728 conhost
522 6 1376 3320 35 320 csrss
74 5 7676 6192 37 372 csrss
0 0 0 24 0 0 Idle
190 18 9372 17188 102 744 LogonUI
550 10 2708 7048 32 492 lsass
132 3 1028 2628 13 500 lsm
145 9 2572 6100 40 1012 msdtc
329 14 31516 33656 160 3,82 1600 powershell
598 15 17172 9884 94 3180 SearchIndexer
192 7 3304 6048 28 472 services
30 1 260 784 4 232 smss
267 9 4500 8432 59 1164 spoolsv
167 4 2172 6256 33 2960 sppsvc
349 7 2848 7096 36 592 svchost
237 8 2604 5784 29 668 svchost
398 11 8892 11876 52 756 svchost
291 8 25152 29164 92 792 svchost
841 18 13428 23284 94 832 svchost
331 14 4944 9776 53 944 svchost
393 15 11076 14008 78 1028 svchost
305 24 8764 9896 44 1204 svchost
92 5 2816 6464 31 1304 svchost
237 12 3688 7228 51 1332 svchost
156 8 3412 7300 34 1396 svchost
142 7 5176 8324 35 1592 svchost
334 34 151364 15156 214 3008 svchost
469 0 44 500 2 4 System
97 5 3236 8268 54 1456 VGAuthService
297 12 7464 15072 74 1540 vmtoolsd
387 20 23516 25012 361 0,39 852 w3wp
79 5 932 3284 34 380 wininit
95 4 1668 4448 39 428 winlogon
219 7 6260 10852 40 108 WmiPrvSE Tasks
ps c:\windows\system32\inetsrv> schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft"
folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
info: There are no scheduled tasks presently available at your access level.
TaskName Next Run Time Status
======================================== ====================== ===============
info: There are no scheduled tasks presently available at your access level.
TaskName Next Run Time Status
======================================== ====================== ===============
info: There are no scheduled tasks presently available at your access level.
TaskName Next Run Time Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management Disabled
AD RMS Rights Policy Template Management N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Proxy N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
consolidator 13/1/2023 3:00:00 ?? Could not start
kernelceiptask 19/1/2023 3:30:00 ?? Ready
usbceip 16/1/2023 1:30:00 ?? Ready
TaskName Next Run Time Status
======================================== ====================== ===============
scheduleddefrag 18/1/2023 1:11:13 ?? Ready
TaskName Next Run Time Status
======================================== ====================== ===============
scheduled 15/1/2023 1:00:00 ?? Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft-Windows-DiskDiagnosticDataColl Disabled
Microsoft-Windows-DiskDiagnosticResolver Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Notifications N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
winsat 15/1/2023 1:00:00 ?? Could not start
TaskName Next Run Time Status
======================================== ====================== ===============
ActivateWindowsSearch N/A Ready
ConfigureInternetTimeService N/A Ready
DispatchRecoveryTasks N/A Ready
ehDRMInit N/A Ready
InstallPlayReady N/A Ready
mcupdate N/A Ready
MediaCenterRecoveryTask N/A Ready
ObjectStoreRecoveryTask N/A Ready
OCURActivate N/A Ready
OCURDiscovery N/A Ready
PBDADiscovery N/A Ready
PBDADiscoveryW1 N/A Ready
PBDADiscoveryW2 N/A Ready
PeriodicScanRetry Disabled
PvrRecoveryTask N/A Ready
PvrScheduleTask N/A Ready
RecordingRestart Disabled
RegisterSearch N/A Ready
ReindexSearchRoot N/A Ready
SqlLiteRecoveryTask N/A Ready
UpdateRecordPath N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CorruptionDetector N/A Ready
DecompressionFailureDetector N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
HotStart N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
LPRemove N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SystemSoundsService N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
GatherNetworkInfo N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Background Synchronization Disabled
Logon Synchronization Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
info: There are no scheduled tasks presently available at your access level.
TaskName Next Run Time Status
======================================== ====================== ===============
analyzesystem 24/1/2023 7:41:03 ?? Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ractask 13/1/2023 10:01:00 ?? Ready
TaskName Next Run Time Status
======================================== ====================== ===============
WindowsParentalControls Disabled
WindowsParentalControlsMigration Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
AutoWake Disabled
GadgetManager N/A Ready
SessionAgent Disabled Could not start
SystemDataProviders Disabled Could not start
TaskName Next Run Time Status
======================================== ====================== ===============
sr 14/1/2023 12:00:00 ?? Ready
TaskName Next Run Time Status
======================================== ====================== ===============
IpAddressConflict1 N/A Ready
IpAddressConflict2 N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MsCtfMonitor N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
synchronizetime 15/1/2023 1:00:00 ?? Ready
TaskName Next Run Time Status
======================================== ====================== ===============
QueueReporting N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UpdateLibrary N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
confignotification 13/1/2023 10:00:00 ?? Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Calibration Loader Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
mp scheduled scan 14/1/2023 2:03:16 ?? Ready
Firewall & AV
PS C:\windows\system32\inetsrv> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
ICMP configuration for Domain profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Enable No Network Discovery
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
ICMP configuration for Standard profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .