Windows privilege escalation -1-
- wmic SERVICE get Name,PathName (find system services whose binary we might be able to use for privilege escalation)
- icacls "[full path to above gathered custom service]" (check whether you have RW/WR/EX rights on the file)
Replace the service file with something "more useful", i.e. a meterpreter reverse shell. :-)
Win local stuff
net user Administrator [new password]
net localgroup Administrators [username] /add
SetPassword [account-username] [new-password] [old-password]
schtasks.exe /?
devcon.exe /?
shutdown /r /t 0