Windows

  • Run NetExec (nxc) to collect BloodHound data

nxc ldap --dns-server DC_IP -u 'user' -p 'password' --bloodhound --collection All DC_IP

  • Switching to another user with runas

runas /user:USER cmd
  • Elevating a user who is a member of the Administrators group but is not effectively an administrator under UAC rules, when something must be run with administrator permission and only a terminal is available.

powershell
Start-Process cmd.exe -verb runas
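
For the defender's view of the elevation step above, this added example (not part of the original page) parses Windows Security event 4688 records and flags command shells created with a full elevated token, using the TokenElevationType field. The sample events, the make_event helper and the SHELLS watch list are constructed assumptions for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# TokenElevationType values as logged in Security event 4688.
ELEVATION = {
    "%%1936": "default",  # type 1: full token, no UAC filtering (e.g. UAC disabled)
    "%%1937": "full",     # type 2: elevated token issued after a UAC elevation
    "%%1938": "limited",  # type 3: filtered token of an unelevated admin
}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}  # assumed watch list

def make_event(event_id, user, image, parent, elevation):
    """Build a minimal constructed record; real events carry more fields."""
    data = {"SubjectUserName": user, "NewProcessName": image,
            "ParentProcessName": parent, "TokenElevationType": elevation}
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f"</System><EventData>{fields}</EventData></Event>")

SYS32 = "C:\\Windows\\System32\\"
SAMPLE_EVENTS = [  # constructed sample data, not real logs
    make_event(4688, "alice", SYS32 + "cmd.exe", "C:\\Windows\\explorer.exe", "%%1938"),
    make_event(4688, "alice", SYS32 + "cmd.exe",
               SYS32 + "WindowsPowerShell\\v1.0\\powershell.exe", "%%1937"),
    make_event(4688, "alice", SYS32 + "notepad.exe", SYS32 + "cmd.exe", "%%1937"),
    make_event(4624, "alice", "", "", ""),
]

def parse_4688(xml_text):
    """Return the EventData fields of a 4688 record, or None for other events."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4688":
        return None
    return {d.get("Name"): d.text or "" for d in root.iterfind("e:EventData/e:Data", NS)}

def elevated_shells(events):
    """List (user, shell, parent) for shells started with a full elevated token."""
    hits = []
    for ev in filter(None, map(parse_4688, events)):
        image = ntpath.basename(ev.get("NewProcessName", "")).lower()
        parent = ntpath.basename(ev.get("ParentProcessName", "")).lower()
        if image in SHELLS and ELEVATION.get(ev.get("TokenElevationType")) == "full":
            hits.append((ev.get("SubjectUserName", ""), image, parent))
    return hits

if __name__ == "__main__":
    for hit in elevated_shells(SAMPLE_EVENTS):
        print("elevated shell:", hit)
```

Event 4688 is only written when process creation auditing is enabled on the host.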
