Privilege_Escalation

First, we need to know which user we are currently running as. On Windows, use the whoami command, and net user for more details. On Linux, use the id command for more details, or read the passwd file:

cat /etc/passwd
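
The same file read from the defender's side, as an added example that is not part of the original notes: a small audit that flags passwd entries worth reviewing during hardening. The function names, the sample data and the UID threshold of 1000 for regular users are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit passwd-format data (a file argument, or stdin)
# and print one "FINDING:user:detail" line per entry that needs review.
audit_passwd() {
  awk -F: '
    /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
    NF != 7 { print "MALFORMED:" $1 ":expected 7 fields, got " NF; next }
    {
      user = $1; pw = $2; uid = $3; shell = $7
      # UID 0 grants full root rights whatever the account is called.
      if (uid == 0 && user != "root")
        print "UID0:" user ":non-root account with uid 0"
      # passwd is world-readable, so the password field should only hold
      # a placeholder (x) or a lock marker (* or !...).
      if (pw == "")
        print "EMPTYPW:" user ":empty password field"
      else if (pw != "x" && pw != "*" && pw !~ /^!/)
        print "HASHINPASSWD:" user ":password hash stored in passwd"
      # Assumption: UIDs 1-999 are system accounts, which should not
      # be able to log in interactively.
      if (uid > 0 && uid < 1000 && shell !~ /(nologin|false|sync|shutdown|halt)$/)
        print "SVCSHELL:" user ":system account with login shell " shell
    }' "${1:--}"
}

# Constructed sample data, not taken from any real host.
sample_passwd() {
  cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
legacy:$6$CONSTRUCTED$notarealhash:1001:1001::/home/legacy:/bin/bash
guest::1002:1002::/home/guest:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
broken:x:1003
EOF
}

# Demo on the constructed sample; on a host, run: audit_passwd /etc/passwd
sample_passwd | audit_passwd
```
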

Then we need to know which machine we are on and what it can do. We can check its name with the hostname command on both Linux and Windows.


We need more information about the OS and kernel, so on Windows we use the systeminfo command. The fields that concern us here are OS Name, OS Version, and System Type:

systeminfo

On Linux, use uname -a:

uname -a
or 
cat /etc/issue

Network Enum

Now that we know some information about the OS, we look at the running processes to find any process that we can interact with and that also runs with higher privileges. On Windows:

tasklist /svc

It shows you the processes that are running under the same account, not the higher-privileged ones.


On Linux:

ps aux

Since we control a machine on the internal network, we need to scan the network for new interesting hosts or ports and perform pivoting.

On Windows:

ipconfig /all
route print
netstat -ano

On Linux:


For open ports:

ss -anp

Firewall Enum
