Exploit with SeBackupPrivilege
.
You need to setup NTFS Disk to support remote windows backup.
# Create 2G Disk
#https://rohnspowershellblog.wordpress.com/2013/03/19/viewing-service-acls/ | |
Add-Type @" | |
[System.FlagsAttribute] | |
public enum ServiceAccessFlags : uint | |
{ | |
QueryConfig = 1, | |
ChangeConfig = 2, | |
QueryStatus = 4, | |
EnumerateDependents = 8, | |
Start = 16, |
# import the necessary toolsets | |
Import-Module .\powermad.ps1 | |
Import-Module .\powerview.ps1 | |
# we are TESTLAB\attacker, who has GenericWrite rights over the primary$ computer account | |
whoami | |
# the target computer object we're taking over | |
$TargetComputer = "primary.testlab.local" |
import time | |
import os | |
import ntplib | |
client = ntplib.NTPClient() | |
response = client.request('ntp4.aliyun.com') | |
timestamp = int(response.tx_time) | |
date_string = time.strftime('%d-%m-%Y', time.localtime(timestamp)) | |
print(date_string) | |
os.system('date ' + date_string) |
#!/usr/bin/env python3 | |
"""Simple HTTP Server With Upload. | |
This module builds on BaseHTTPServer by implementing the standard GET | |
and HEAD requests in a fairly straightforward manner. | |
see: https://gist.github.com/UniIsland/3346170 | |
""" | |
#!/bin/bash | |
# Usage: ./minio-upload my-bucket my-file.zip | |
bucket=$1 | |
file=$2 | |
host=minio.example.com | |
s3_key=svc_example_user | |
s3_secret=svc_example_user_password |
{ | |
"log": { | |
"level": "info", | |
"timestamp": true | |
}, | |
"dns": { | |
"servers": [ | |
{ | |
"tag": "dns_proxy", | |
"address": "tls://dns.google", |
interface="$(ip tuntap show | cut -d : -f1 | head -n 1)" | |
ip=`ip -j route list table all | jq -r '.[] | select(.dev=="'$interface'") | .gateway' | grep -v null | head -n 1` | |
ping $ip -W 1 -c 1| awk -F'/' 'END{ print (/^rtt/? " - "$5" ms":"") }' |
#! /bin/bash | |
# Please note that the script runs in base64 to prevent spoilers. | |
# If you're done, you can decode the base64. | |
# container port | |
port=8888 | |
echo ' *** This is script used to create Hackable sqli-lab container *** ' | |
echo 'Please Note that: After patch it, You can get a root shell !!' |