9 box enum iis apppool\defaultapppool
Nothing using PowerUp.ps1
PEAS
[?] Windows vulns search powered by Watson(https://github.com/rasta-mouse/Watson)
[*] OS Version: 1809 (17763)
[!] CVE-2020-1013 : VULNERABLE
[>] https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day/
[*] Finished. Found 1 potential vulnerabilities.
Computer Name : WORKER
User Name : Administrator
User Id : 500
Is Enabled : True
User Type : Administrator
Comment : Built-in account for administering the computer/domain
Last Logon : 2021-09-23 19:36:37
Logons Count : 94
Password Last Set : 2020-04-05 21:13:02
Installed Applications --Via Program Files/Uninstall registry--
Check if you can modify installed software https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#software
C:\Program Files\Azure DevOps Server 2019
C:\Program Files\common files
C:\Program Files\desktop.ini
C:\Program Files\Git
C:\Program Files\internet explorer
C:\Program Files\Microsoft SQL Server
C:\Program Files\Microsoft Visual Studio 10.0
C:\Program Files\Microsoft.NET
C:\Program Files\TortoiseSVN
C:\Program Files\Uninstall Information
C:\Program Files\Windows Defender
C:\Program Files\Windows Defender Advanced Threat Protection
C:\Program Files\WindowsApps
C:\Program Files\WindowsPowerShell
C:\Program Files\VMware
Host File
10.10.10.202 devops.worker.htb
# something is running on 8080?
TCP 127.0.0.1 8080 127.0.0.1 49700 Established 4 Systemp.ps1
Seatbelt.exe