PNPT notes
@PNPTforme
69 subscribers
81 photos
31 links
Download Telegram
About
Blog
Apps
Platform
Join
PNPT notes
69 subscribers
PNPT notes
RDP yoqish / persistence

> reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v
fDenyTSConnections /t REG_DWORD /d 0 /f; Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

// O'chirish
> reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v
fDenyTSConnections /t REG_DWORD /d 1 /f; Disable-NetFirewallRule -DisplayGroup "Remote Desktop"

+

Persistence uchun Autorun, Startup dan foydalanish mumkin
320 viewsedited  
PNPT notes
PNPT notes
// Domaindagi SMBshare lar haqida ma'lumot: > Invoke-ShareFinder
// Powerview // SMB share fayllarni hammasini olish
> Invoke-FileFinder
327 views
PNPT notes
PNPT notes
// Powerview // SMB share fayllarni hammasini olish > Invoke-FileFinder
// local admins
> Invoke-EnumerateLocalAdmin
326 viewsedited  
PNPT notes
PNPT notes
// local admins > Invoke-EnumerateLocalAdmin
// Access control list enum
> Get-Objectacl
298 views
PNPT notes
// Powershell (rdp)
Enter-PSSession -ComputerName User2 -Credential just/username
305 views
PNPT notes
PNPT notes
// Powershell (rdp) Enter-PSSession -ComputerName User2 -Credential just/username
// powershell bilan remote code exec
> Invoke-Command -ScriptBlock {whoami;just} -ComputerName User2 -Credential just/username
327 viewsedited  
PNPT notes
// eCPTxv2 study / enum
328 viewsedited  
PNPT notes
PNPT notes pinned «// eCPTxv2 study / enum»
PNPT notes
// tashkilot tizimlarini ntbscan orqali topish
# ntbscan -r range
349 views
PNPT notes
// Rangedagi hostnamelarni topish:
# nmap -sL range
358 views
PNPT notes
// domain, version topish:
# use auxiliary/scanner/smb/smb_version
359 views
PNPT notes
// SNMP scanner
# use auxiliary/scanner/snmp/snmp_login
361 views
PNPT notes
// Domain controllerni topish
# dig -t NS domain_name
# dig _gc. domain_name
364 views
PNPT notes
PNPT notes
// Domain controllerni topish # dig -t NS domain_name # dig _gc. domain_name
356 views
PNPT notes
// rcpclinet orqali enum qilish mumkin
# rpcclient -U sfsd -p sfs Adress
359 views
PNPT notes
PNPT notes
// rcpclinet orqali enum qilish mumkin # rpcclient -U sfsd -p sfs Adress
// tizim haqida ma'lumot olish
# rpcclient srvinfo

// domain users
# rpccleint enumdomusers

// domain (bult in)groups
# rpcclient enumalsgroups domain
# rpcclient enumalsgroups bultin

// SID topish
rpccleint > lookupnames name

//RIDs orqali malumot olish:
queryuser 500 // admin
373 views
PNPT notes
// SMB share
# smbclient -U 'domain#user%pass' -L hostname
373 views
PNPT notes
PNPT notes
// SMB share # smbclient -U 'domain#user%pass' -L hostname
387 views
PNPT notes
// DC topish
> nltest /server: birorta azo IPsi /dclist: domain
399 views
PNPT notes
// Domain list
> net view /domain:domainname
409 views
PNPT notes
// Powerview / has a session , etc
407 views