systeminfo command is useful for passing into script-based exploit suggesters (see below).
Some.exe. This principle also applies to higher folders in the directory structure, if you have write permissions ('C:\' and 'C:\Program Files\').
accesschk.exe, which checks permissions. To display services which can be modified by an authenticated user:
BINARY_PATH_NAME value. Change the binary path on a particular service:
sc qc [service name], you can enable it using sc config SSDPSRV start= auto. Note that there is a space between the = and the option.
nc.exe without using the binary command first and using the wrong " in the path. If you're working with Windows XP, you'll need to download this version. Also, the Administrator shell fired using this method will not last, so you should send yourself another shell immediately with a different port:
1 to enable this setting.
msfvenom (again assuming there is no antivirus):
/quiet will bypass User Account Control (UAC)
/qn specifies not to use a GUI
/i is to perform a regular installation of the package
getsystem isn't working, you can try this method, which uses the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off.
systeminfo and compares it against the Microsoft vulnerability database, which is automatically downloaded and stored as a spreadsheet. Based on the output, the tool lists public exploits (E) and Metasploit modules (M).
systeminfo on the victim machine and save the contents as a text file:
systeminfo, you can find installed patches using the WMI command-line (WMIC) utility: