Gained access to a locked-down host and need to find a way to escape the restricted shell?
Check what software you can access
Try common ones such as cmd, powershell, powershell_ise, ftp, etc.
Try to use alternatives to powershell and cmd such as PowerShdll and
Try explorer bar commands
Check if you can access Internet Explorer, Paint, Excel, File Explorer, etc.
Check keyboard shortcuts
Try to create a new file (use the malicious HTA file) or a new shortcut and point it to an executable
Load files via an SMB share and execute them
Windows 10 - try Cortana exploit
Try to copy powershell.exe or cmd.exe, rename the copy, and then run it
Try to access \\127.0.0.1\c$
Bypassing PowerShell restrictions
If it's PowerShell, try to download a reverse shell and run it; if it's version 4, check if you can downgrade to PowerShell v2
Try to use PowerShell alternatives (nps, powershelld, etc.)
Test if you can execute commands via LOLBAS
Attempt a UAC bypass to gain administrative privileges
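
For defenders: two of the steps above (running a renamed copy of powershell.exe or cmd.exe, and downgrading to PowerShell v2) leave traces in process-creation logs. The check below is an added example, not part of the original page; it assumes Sysmon Event ID 1 records already parsed into dicts with Image, OriginalFileName and CommandLine fields, and every sample event and path in it is constructed.

```python
import ntpath
import re

# OriginalFileName (PE version resource) of the interpreters named on this page.
INTERPRETERS = {"powershell.exe", "cmd.exe"}

# -Version 2 and its abbreviations (-v, -ve, ...), with "-" or "/" as prefix.
V2_FLAG = re.compile(
    r"(?:^|\s)[-/]v(?:e(?:r(?:s(?:i(?:o(?:n)?)?)?)?)?)?\s+2(?:\.0)?(?=\s|$)",
    re.IGNORECASE,
)

def findings(event):
    """Return the reasons a process-creation event looks like a lockdown bypass."""
    reasons = []
    original = event["OriginalFileName"].lower()
    on_disk = ntpath.basename(event["Image"]).lower()
    # The file name on disk changed, but the embedded version resource did not.
    if original in INTERPRETERS and on_disk != original:
        reasons.append("renamed-interpreter")
    # Keyed on OriginalFileName so a renamed PowerShell copy is still checked.
    if original == "powershell.exe" and V2_FLAG.search(event["CommandLine"]):
        reasons.append("powershell-v2-downgrade")
    return reasons

def triage(events):
    """Keep only events with at least one finding, as (Image, reasons) pairs."""
    return [(e["Image"], r) for e in events if (r := findings(e))]

def ev(image, original, command_line):
    return {"Image": image, "OriginalFileName": original, "CommandLine": command_line}

# Constructed sample events (field names assumed to follow Sysmon Event ID 1).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    ev(PS, "PowerShell.EXE", r"powershell.exe -NoProfile -File C:\Scripts\inventory.ps1"),
    ev(r"C:\Users\kiosk\Desktop\notes.exe", "Cmd.Exe", "notes.exe"),
    ev(PS, "PowerShell.EXE", "powershell.exe -Version 2 -Command Get-Host"),
    ev(r"C:\Users\kiosk\AppData\Local\Temp\svc.exe", "PowerShell.EXE", "svc.exe -v 2.0"),
    ev(r"C:\Windows\System32\notepad.exe", "NOTEPAD.EXE", "notepad.exe"),
]

if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_EVENTS):
        print(image, "->", ", ".join(reasons))
```

Command-line matching only covers the `-Version` switch; the engine-start event (ID 400) in the Windows PowerShell log records EngineVersion and is a useful cross-check.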