TamaGorengs Notes
  • πŸ‘¨β€πŸ’»Whoami
  • πŸ—ΊοΈActive Directory
    • Active Directory Enumeration
    • AD Reconnaissance
      • LDAP
    • Movement
      • Kerberos
        • ASREProast
        • Pass The Hash
        • Pass The Ticket
        • Overpass The Hash
      • Credential
        • Dumping
          • DCSync
      • WMI and WinRM
    • Active Directory Certificate Services (ADCS)
  • πŸͺŸWindows
    • Windows Privilege Escalation
      • WinPrivEsc Enumeration
      • Leveraging Windows Services
      • Abusing Other Windows Components
    • RDP
  • 🐧Linux
    • Linux Privilege Escalation
      • LinuxPrivEsc Enumeration
      • Exposed Confidential Information
      • Insecure File Permissions
      • Insecure System Components
  • πŸ•ΈοΈWeb Application
    • SQL Injection
    • Cross-Site Scripting (XSS)
  • Group 1
    • Client-Side Attacks
      • Windows Library Files
      • Exploiting Microsoft Office
  • Thick Client
    • Thick Client Pentest
    • Thick Client Pentest Methodology
Powered by GitBook
On this page
  • Scheduled Task
  • Using Exploits

Was this helpful?

  1. Windows
  2. Windows Privilege Escalation

Abusing Other Windows Components

Scheduled Task

  • Which use does the task executed

  • Trigger what specified task

  • What actions are executed when one or more of these triggers are met

Check all scheduled task

#PS
Get-ScheduledTask

#CMD
schtasks /query /fo LIST /v

To check permission for the file, if have Full Permission (F) we can abuse

icacls C:\Users\steve\Pictures\BackendCacheCleanup.exe

Using Exploits

Check Windows Version for kernel exploits

systeminfo

Check also for privilege that can be abused like [[SeImpersonatePrivilege]]

whoami /priv
PreviousLeveraging Windows ServicesNextRDP

Last updated 4 months ago

Was this helpful?

πŸͺŸ