πŸ““
πŸ““
πŸ““
πŸ““
Red Team Notes 2.0
Search…
πŸ““
πŸ““
πŸ““
πŸ““
Red Team Notes 2.0
Introduction
Red Team
Red Team Techniques
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Active Directory
Active Directory
Active Directory Attacks
Red Team Infrastructure
RED TEAM INFRASTRUCTURE
Domain Name and Categorization
Reconnaissance
Weaponization
Delivery
Situational Awareness
Credential Dumping
Persistence
Defense Evasion
Privilege Escalation
PowerUp
PrivescCheck
Lateral Movement
Powered By GitBook
PowerUp
PowerUp has been out for a while a great PowerShell script that looks for your typical out of place configurations that can allow a regular user access to resources that they shouldn't this tool has not been updated in a while, especially the PowerShell script version one but we can utilize the C# one which Is actively maintained
Running is straightforward in its help menu we want to use all checks available and get the results from that the audit parameter is the one we use; we wait for it to finish, and we can see it has found a vulnerable configuration
To take advantage of this method we see that 2 registry keys are enabled that allow us to install MSI packages with elevated permissions, we are mostly interested in the User Key since we should be in this context.
We can create a simple payload utilizing msfvenom to create an MSI package or a visual studio to create our custom one.
To take advantage of this method we drop our MSI payload to the workstation utilize msiexec LOLBAS and gain a shell with elevated permissions
Here is a small demo of this technique
Demo:
Previous
Privilege Escalation
Next
PrivescCheck
Last modified 29d ago
Copy link