>_ shadow.red
notatki-hakera.pl YouTube CTF Solutions Channel ☕ Buy me a coffee
~ / Privilege Escalation / Windows Processes and Services

Windows Processes and Services

Privilege Escalation Windows Enumeration windows

Processes

tasklist /SVC

Running services

net start
sc query
sc qc <service>
wmic service list brief | findstr "Running"
wmic service get name,displayname,pathname,startmode | findstr /i "auto"

Service start path filter (autostart, non-Windows path)

wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "C:\windows\\" |findstr /i /v ""

Scheduled tasks

schtasks
schtasks /query /fo LIST /v
schtasks /query /tn "TASK_NAME" /V /FO LIST

Get-ScheduledTask | where {$_.TaskPath -notlike '\Microsoft*'} | Format-Table TaskName,TaskPath,State

Drivers

driverquery

Quick reboot trigger (re-fires startup tasks)

shutdown /r /t 0