Escalation Checks

#view hidden content

dir -ah

get-childitem -force -recurse

#Whoami - list out account and priv info

whoami /all

#Find passwords in files

findstr /si password *.txt

findstr /si password *.ps1

#PowershellTranscript - location when policy is set

Get-ChildItem "HKLM:\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\PowerShell\Transcription"