PEAS


Running automated enumeration with winPEAS after the basic system enumeration

*Evil-WinRM* PS C:\Users\M.harris\Documents> upload winPEASx64.exe
 
Info: Uploading /home/kali/archive/htb/labs/infiltrator/winPEASx64.exe to C:\Users\M.harris\Documents\winPEASx64.exe
Data: 3183272 bytes of 3183272 bytes copied
Info: Upload successful!

Uploaded

Executing PEAS

ENV


╔══════════╣ User Environment Variables
╚ Check for some passwords or keys in the env variables 
    COMPUTERNAME: DC01
    PUBLIC: C:\Users\Public
    LOCALAPPDATA: C:\Users\M.harris\AppData\Local
    PSModulePath: C:\Users\M.harris\Documents\WindowsPowerShell\Modules;C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules
    PROCESSOR_ARCHITECTURE: AMD64
    Path: C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\Output Messenger Server\Plugins\Output\apache2\bin\;C:\Program Files\Output Messenger Server\Plugins\Output\php\;C:\Program Files\Output Messenger Server\Plugins\Output\mysql\bin\;C:\Users\M.harris\AppData\Local\Microsoft\WindowsApps
    CommonProgramFiles(x86): C:\Program Files (x86)\Common Files
    ProgramFiles(x86): C:\Program Files (x86)
    PROCESSOR_LEVEL: 25
    ProgramFiles: C:\Program Files
    PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.CPL
    USERPROFILE: C:\Users\M.harris
    SystemRoot: C:\Windows
    ALLUSERSPROFILE: C:\ProgramData
    DriverData: C:\Windows\System32\Drivers\DriverData
    ProgramData: C:\ProgramData
    PROCESSOR_REVISION: 0101
    USERNAME: M.harris
    CommonProgramW6432: C:\Program Files\Common Files
    CommonProgramFiles: C:\Program Files\Common Files
    OS: Windows_NT
    PROCESSOR_IDENTIFIER: AMD64 Family 25 Model 1 Stepping 1, AuthenticAMD
    ComSpec: C:\Windows\system32\cmd.exe
    SystemDrive: C:
    TEMP: C:\Users\MDB39~1.HAR\AppData\Local\Temp
    NUMBER_OF_PROCESSORS: 2
    APPDATA: C:\Users\M.harris\AppData\Roaming
    TMP: C:\Users\MDB39~1.HAR\AppData\Local\Temp
    ProgramW6432: C:\Program Files
    windir: C:\Windows
    USERDOMAIN: INFILTRATOR
    USERDNSDOMAIN: INFILTRATOR.HTB
 
╔══════════╣ System Environment Variables
╚ Check for some passwords or keys in the env variables 
    ComSpec: C:\Windows\system32\cmd.exe
    DriverData: C:\Windows\System32\Drivers\DriverData
    OS: Windows_NT
    Path: C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\Output Messenger Server\Plugins\Output\apache2\bin\;C:\Program Files\Output Messenger Server\Plugins\Output\php\;C:\Program Files\Output Messenger Server\Plugins\Output\mysql\bin\
    PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE: AMD64
    PSModulePath: C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules
    TEMP: C:\Windows\TEMP
    TMP: C:\Windows\TEMP
    USERNAME: SYSTEM
    windir: C:\Windows
    NUMBER_OF_PROCESSORS: 2
    PROCESSOR_LEVEL: 25
    PROCESSOR_IDENTIFIER: AMD64 Family 25 Model 1 Stepping 1, AuthenticAMD
    PROCESSOR_REVISION: 0101

LAPS


LSA Protection


Credentials Guard


Cached Creds


AV


UAC


PowerShell


Drives


KrbRelayUp


NTLM


AutoLogon


Installed Programs


Network


OMServerService outputmessenger_httpd outputmessenger_mysqld certsrv

adPEAS


*Evil-WinRM* PS C:\Users\M.harris\Documents> upload adPEAS.ps1 .
 
Info: Uploading /home/kali/archive/htb/labs/infiltrator/adPEAS.ps1 to C:\Users\M.harris\Documents\.
Data: 4159704 bytes of 4159704 bytes copied
Info: Upload successful!
 
*Evil-WinRM* PS C:\Users\M.harris\Documents> . .\adPEASv.ps1

Uploaded and loaded

*Evil-WinRM* PS C:\Users\M.harris\Documents> Invoke-adPEAS

Executing adPEAS

Domain


Add-Computer


ADCS


Templates


Infiltrator_Template ENROLLEE_SUPPLIES_SUBJECT infiltrator_svc$

gMSA