Windows Exploitation

Miscellaneous Points

After gaining access to the system, we can enumerate it manually or use tools such as WinPEAS and Windows Exploit Suggester to look for vulnerabilities that can be exploited to elevate our privileges.

Bypass the execution policy for the current session : powershell -ExecutionPolicy Bypass
about Execution Policies - PowerShell | Microsoft Docs

UACMe is a tool that can be used to gain elevated privileges on a Windows system
The user needs to be a member of the local Administrators group
The UAC setting must be at the default level or lower
GitHub - hfiref0x/UACME: Defeating Windows User Account Control
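Added example, not part of the original notes or of the UACMe project: a PowerShell check that reports the UAC posture of the local host, so a defender can tell whether it sits at "default or lower", the precondition the notes give above. The registry path and value names are the documented Windows UAC policy settings; the Level labels are this script's own naming.

```powershell
# Report the local UAC configuration and whether it is at the default level
# or weaker. Registry location and value names are Microsoft's documented
# UAC policy settings; the Level strings are labels chosen for this script.
function Get-UacPosture {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key

    # EnableLUA = 0 turns UAC off entirely (takes effect after a reboot).
    $enabled = ([int]$p.EnableLUA) -eq 1
    # ConsentPromptBehaviorAdmin: 0 = elevate silently, 1/3 = prompt for
    # credentials, 2/4 = prompt for consent, 5 = prompt only for non-Windows
    # binaries (the out-of-box default).
    $admin = [int]$p.ConsentPromptBehaviorAdmin
    # PromptOnSecureDesktop = 1 shows the prompt on the dimmed secure desktop.
    $secure = ([int]$p.PromptOnSecureDesktop) -eq 1

    if (-not $enabled)                 { $level = 'Off' }
    elseif ($admin -eq 2 -and $secure) { $level = 'AlwaysNotify' }
    elseif ($admin -eq 5 -and $secure) { $level = 'Default' }
    else                               { $level = 'BelowDefault' }

    [pscustomobject]@{
        UacEnabled                 = $enabled
        ConsentPromptBehaviorAdmin = $admin
        SecureDesktop              = $secure
        Level                      = $level
        # The precondition from the notes: anything other than "Always notify".
        AtOrBelowDefault           = ($level -ne 'AlwaysNotify')
    }
}

Get-UacPosture | Format-List
```

Hosts that report AtOrBelowDefault = True while users hold standing local Administrators membership are the ones to raise to "Always notify" or to strip of standing admin rights.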

Windows stores password hashes in NTLM format
Local account password hashes are stored in the SAM database (Windows)
In Active Directory, password hashes are stored in the NTDS database
krbtgt : Active Directory Kerberos account used for ticket generation

Allows access to a Windows system over WinRM using either a password or a password hash
GitHub - Hackplayers/evil-winrm: The ultimate WinRM shell for hacking/pentesting