3 box enum jason

#winpeas.exe needs .NET v4.0

dir /b %windir%\Microsoft.NET\Framework\v*
v1.0.3705
v1.1.4322
v2.0.50727
v4.0.30319

systeminfo
Host Name:                 ATOM
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.19042 N/A Build 19042
System Type:               x64-based PC

PEAS

[+] Cached Creds
   [?] If > 0, credentials will be cached in the registry and accessible by SYSTEM user https://book.hacktricks.xyz/windows/stealing-credentials/credentials-protections#cached-credentials
    cachedlogonscount is 10

[+] UAC Status
   [?] If you are in the Administrators group check how to bypass the UAC https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#basic-uac-bypass-full-file-system-access
    ConsentPromptBehaviorAdmin: 5 - PromptForNonWindowsBinaries
    EnableLUA: 1
    LocalAccountTokenFilterPolicy: 1
    FilterAdministratorToken: 1
      [*] LocalAccountTokenFilterPolicy set to 1.
      [+] Any local account can be used for lateral movement.
	  
[+] Looking for AutoLogon credentials
    Some AutoLogon credentials were found
    DefaultDomainName             :  ATOM
    DefaultUserName               :  jason
	
=(Services Information)=
Redis(Redis)["C:\Program Files\Redis\redis-server.exe" --service-run "C:\Program Files\Redis\redis.windows-service.conf"] - Auto - Running
This service runs the Redis server

=(Windows Credentials)=
Username:              ATOM\jason
Password:              kidvscat_electron_@123
Target:                ATOM\jason
PersistenceType:       Enterprise
LastWriteTime:         3/31/2021 2:53:49 AM

[+] Enumerating Security Packages Credentials
Version: NetNTLMv2
Hash:    jason::ATOM:1122334455667788:96058f83c601a41e3409a43102c4e976:0101000000000000dbd5c5f77640d70153d0865d0c559bc9000000000800300030000000000000000000000000200000a2802b8f2d721bdccd6ca4da5c452c2a3bed3183d330ad5fdc93f7fcd51516aa0a00100000000000000000000000000000000000090000000000000000000000

[+] Looking for possible password files in users homes
[?]  https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#credentials-inside-files
C:\Users\All Users\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml

[+] Looking for documents --limit 100--
C:\Users\jason\Downloads\PortableKanban\User Guide.~pdf
C:\Users\jason\Documents\UAT_Testing_Procedures.pdf

Last updated