@jermdw
Created April 17, 2018 13:04
Move Laterally Why Don't you?

Lateral Movement Top 7

  1. Service Control Manager

    • This method is used by psexec and all of its clones to start the executable that psexec creates.
  2. Task scheduler (scheduled task)

    • A command to be run at designated time(s) as SYSTEM.
  3. WMI

    • Use of WMI (remote process creation through the WMI provider host) to move laterally.
  4. Microsoft Terminal Services (RDP)

    • Type 7 Logons - Interactive desktop access and/or command execution with the privileges of the user account used.
  5. WinRM

    • `winrs -r:REMOTECOMPUTERNAME command to run`

    • Hosted by the Windows Remote Management service (running inside svchost.exe); it listens on TCP/80 or TCP/5985 and can share a port with IIS.

  6. SMB Traversal

    • Mounting remote shares, e.g. C$, ADMIN$, etc.
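As an added illustration from the defender's side (not part of the gist), the following Python routine maps constructed sample Windows Security/System log events to the six techniques above: event IDs 7045, 4698, 4688, 4624 and 5140 are the standard Windows IDs, the field names mirror the corresponding event XML fields, and every sample event is made up for the example.

```python
"""Map Windows event records to the lateral-movement techniques listed above.
Sample events below are constructed for illustration, not real telemetry."""

# Constructed sample events; keys mirror the fields of the Windows events they imitate.
SAMPLE_EVENTS = [
    {"id": 7045, "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"id": 4698, "TaskName": r"\Updater", "SubjectUserName": "adm"},
    {"id": 4688, "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "ParentProcessName": r"C:\Windows\System32\wbem\WmiPrvSE.exe"},
    {"id": 4624, "LogonType": "10", "IpAddress": "10.0.0.5"},
    {"id": 4688, "NewProcessName": r"C:\Windows\System32\whoami.exe",
     "ParentProcessName": r"C:\Windows\System32\wsmprovhost.exe"},
    {"id": 5140, "ShareName": r"\\*\ADMIN$", "IpAddress": "10.0.0.5"},
    {"id": 4624, "LogonType": "2", "IpAddress": "-"},  # local console logon: not lateral
]

ADMIN_SHARES = {"C$", "ADMIN$", "IPC$"}


def classify(event):
    """Return the technique name a single event points to, or None."""
    eid = event["id"]
    parent = event.get("ParentProcessName", "").lower()
    if eid == 7045:                       # System log: a new service was installed
        return "Service Control Manager"
    if eid == 4698:                       # Security log: scheduled task created
        return "Task scheduler"
    if eid == 4688 and parent.endswith("wmiprvse.exe"):
        return "WMI"                      # child of the WMI provider host
    if eid == 4688 and parent.endswith("wsmprovhost.exe"):
        return "WinRM"                    # child of the WinRM provider host
    if eid == 4624 and event.get("LogonType") in {"7", "10"}:
        return "RDP"                      # gist lists type 7; type 10 is RemoteInteractive
    if eid == 5140 and event.get("ShareName", "").rsplit("\\", 1)[-1].upper() in ADMIN_SHARES:
        return "SMB Traversal"            # access to an administrative share
    return None


def triage(events):
    """Count how many events point to each technique, for a quick per-host summary."""
    counts = {}
    for ev in events:
        label = classify(ev)
        if label:
            counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Correlating the matches by source IP and time window, rather than counting them in isolation, is what turns these single-event hints into a lateral-movement alert.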

Reference
