Starting Point: Markup - winPEAS for Priv Esc?

Has anybody used winPEAS to escalate their privileges on Markup? Just curious. After I rooted the box using the HTB walkthrough, I found a blog post where the author used winPEAS, but I couldn’t replicate their steps successfully.

I know this an old post but I’ll put my findings here in case anyone else comes across this.

I had issues following the walkthrough and got stuck piping the netcat command to job.bat. I decided to try winPEAS. I transferred it to the target machine using http.server on my attacking machine. I ran winPEAS on the target machine and the Administrator credential were in plain text under “Autologon credentials”. Definitely a good option if ncat isn’t working properly. I found it quite a bit simpler as well

1 Like