Category Archives: windows

windows privilege escalation via weak service permissions

When performing security testing on a Windows environment, or any environment for that matter, one of the things you’ll need to check is if you can escalate your privileges from a low privilege user to a high privileged user. No matter what environment you are testing there are going to be a range or roles […]

One liner commands for windows – cheat sheet

Remotely determine logged in user
wmic /node:remotecomputer computersystem get username
List running processes
wmic process list brief
Kill a process
wmic process where name="cmd.exe" delete
Determine open shares
net share
wmic share list brief
Determine IP address
Get a new IP address
ipconfig /release
ipconfig /renew
Remotely display machine’s MAC address
wmic /node:machinename nic get macaddress
Remotely list running processes every second
wmic /node:machinename process list brief /every:1
Remotely display System Info
wmic […]

Search windows open shares with python

It’s rare during a penetration test that I actually exploit a vulnerability to gain more information. Newcomers to my filed will often use the term “network security”. I don’t care about the network, have the network for all I care. What I’m more concerned about is the information inside the network. The better way to […]

Search an IP range via the command line

So how do you manipulate a list of IP’s via the command line? Well there are several ways to go about this but I’ll present the way I went about it.
In my scenario I had a range of IP’s that I needed to extract/exclude out of a list of IP’s. This task needed to […]