Enumeration

*Evil-WinRM* PS C:\Users\tony\Desktop> cmdkey /list

Currently stored credentials:

* NONE *

I cannot run commands like systeminfo and netstat; they return access denied.

Running winPEAS generates lots of output. We also find the PowerShell command history file.

╔══════════╣ PowerShell Settings
    PowerShell v2 Version: 2.0
    PowerShell v5 Version: 5.0.10240.17146
    PowerShell Core Version: 
    Transcription Settings: 
    Module Logging Settings: 
    Scriptblock Logging Settings: 
    PS history file: C:\Users\tony\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt
    PS history size: 134B
*Evil-WinRM* PS C:\Users\tony> type C:\Users\tony\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt
Add-Printer -PrinterName "RICOH_PCL6" -DriverName 'RICOH PCL6 UniversalDriver V4.23' -PortName 'lpt1:'

ping 1.1.1.1
ping 1.1.1.1

I searched for the driver name and version and found CVE-2019-19363.
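The same artifact is useful for a defender's driver inventory. The example below is added here and is not part of the original writeup: it parses PSReadLine history text and extracts the driver name and version from any command carrying a -DriverName parameter, so the result can be checked against vendor advisories. The function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the history file content shown in the writeup.
SAMPLE_HISTORY = """\
Add-Printer -PrinterName "RICOH_PCL6" -DriverName 'RICOH PCL6 UniversalDriver V4.23' -PortName 'lpt1:'

ping 1.1.1.1
ping 1.1.1.1
"""

# One token: "double quoted", 'single quoted', or a bare run of non-space.
TOKEN = re.compile(r'"([^"]*)"|\'([^\']*)\'|(\S+)')
# Dotted version, optionally prefixed with V (e.g. "V4.23" -> "4.23").
VERSION = re.compile(r"\bV?(\d+(?:\.\d+)+)\b", re.IGNORECASE)


def parse_command(line):
    """Split a history line into (cmdlet, {param: value}).

    Quoted values keep their spaces. Escaped quotes and the -Name:value
    form are not handled (assumption: simple interactive commands).
    """
    tokens = [(m.group(m.lastindex), m.lastindex != 3) for m in TOKEN.finditer(line)]
    if not tokens:
        return None, {}
    params, i = {}, 1
    while i < len(tokens):
        text, quoted = tokens[i]
        if not quoted and text.startswith("-") and len(text) > 1:
            nxt = tokens[i + 1] if i + 1 < len(tokens) else None
            if nxt and (nxt[1] or not nxt[0].startswith("-")):
                params[text[1:].lower()] = nxt[0]  # -Param value
                i += 1
            else:
                params[text[1:].lower()] = True  # switch parameter
        i += 1
    return tokens[0][0], params


def driver_inventory(history_text):
    """Return sorted unique (cmdlet, driver name, version) tuples."""
    found = set()
    for line in history_text.splitlines():
        cmdlet, params = parse_command(line.strip())
        driver = params.get("drivername")
        if isinstance(driver, str):
            match = VERSION.search(driver)
            found.add((cmdlet, driver, match.group(1) if match else None))
    return sorted(found)
```

Parameter names are lower-cased before lookup because PowerShell treats them case-insensitively.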
