# Breakout

## Methodology

### Gaining shell access

1. Check what software you can access
   1. Try common ones such as cmd, powershell, powershell\_ise, ftp, etc.
   2. Try to use alternatives to powershell and cmd such as PowerShdll and
   3. Try explorer bar commands
   4. [Check if you can access Internet Explorer, Paint, Excel, File Explorer, etc.](https://infra.newerasec.com/infrastructure-testing/breakout/windows-utilities)
2. [Check keyboard shortcuts](https://infra.newerasec.com/infrastructure-testing/windows-utilities#shortcuts)
3. Try to create a new file (use the malicious [HTA file](https://infra.newerasec.com/infrastructure-testing/alternatives-to-command-prompt#hta-shell)) or a new shortcut and point it to an executable
4. [Load files via a SMB share and execute them](https://infra.newerasec.com/infrastructure-testing/enumeration/ipv6/transfering-files)
5. Windows 10 - try [Cortana exploit](https://infra.newerasec.com/infrastructure-testing/windows-utilities#cortana)
6. Try to copy powershell.exe or cmd.exe, change it to a different name and then run it
7. Try to access `\\127.0.0.1\c$`

### Once a shell was obtained

1. [Bypassing PowerShell restrictions](https://infra.newerasec.com/infrastructure-testing/breakout/powershell-constrained-language-byass)
   1. If it's PowerShell, try to download a reverse shell and run it; if it's version 4, check if you can downgrade to PowerShell v2
   2. Try to use PowerShell alternatives (nps, powershelld, etc.)
2. Test if you can execute commands via [LOLBAS](https://infra.newerasec.com/infrastructure-testing/breakout/lolbas)
3. Attempt [UAC Bypass](https://infra.newerasec.com/infrastructure-testing/privilege-esclation/windows/uac-bypass) to gain administrative privileges
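
From the defender's side, two items in these checklists leave clear process-creation traces: a renamed copy of powershell.exe or cmd.exe, and a downgrade to PowerShell v2. The following Python check is an added example, not part of the original checklist; it assumes Sysmon Event ID 1 style records (`Image`, `OriginalFileName`, `CommandLine`), and the sample events and the `findings`/`scan` helpers are constructed for illustration.

```python
import ntpath
import re

# Version-resource OriginalFileName values of the shells named in the checklist.
SHELL_ORIGINAL_NAMES = {"cmd.exe", "powershell.exe", "powershell_ise.exe"}
# A parameter token followed by 2 or 2.0, e.g. "-version 2" or "-v 2.0".
PARAM_TWO = re.compile(r"(?<!\S)-(\w+)\s+2(?:\.0)?(?!\S)")

def findings(event):
    """Return the reasons one process-creation record looks like a breakout attempt."""
    reasons = []
    image_name = ntpath.basename(event["Image"]).lower()
    original = event.get("OriginalFileName", "").lower()
    # On-disk name differs from the embedded original name: the shell was copied and renamed.
    if original in SHELL_ORIGINAL_NAMES and image_name != original:
        reasons.append("renamed_shell")
    # powershell.exe accepts abbreviated parameter names, so any prefix of -Version is matched.
    if original == "powershell.exe":
        for match in PARAM_TWO.finditer(event.get("CommandLine", "")):
            if "version".startswith(match.group(1).lower()):
                reasons.append("powershell_v2_downgrade")
                break
    return reasons

# Constructed sample records using Sysmon Event ID 1 field names (assumed log source).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "Cmd.Exe",
     "CommandLine": "cmd.exe /c dir"},
    {"Image": r"C:\Users\kiosk\Desktop\notes.exe", "OriginalFileName": "PowerShell.EXE",
     "CommandLine": "notes.exe"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "OriginalFileName": "PowerShell.EXE", "CommandLine": "powershell.exe -v 2 -NoProfile"},
    {"Image": r"C:\Users\kiosk\AppData\Local\Temp\calc2.exe", "OriginalFileName": "PowerShell.EXE",
     "CommandLine": "calc2.exe -Version 2.0"},
]

def scan(events):
    """Map each flagged image path to its list of reasons."""
    return {e["Image"]: r for e in events if (r := findings(e))}

if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_EVENTS).items():
        print(image, reasons)
```

The rename check relies on the version resource being intact, so it should be paired with hash or signer checks where those are logged.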
