hak5
/
omg-payloads
mirror of https://github.com/hak5/omg-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
omg-payloads/payloads/library/remote_access/win_winrm-backdoor/README.md

832 B
Raw Blame History

"Microsoft Windows" WinRM Backdoor

  • Title: "Microsoft Windows" WinRM Backdoor
  • Author: TW-D
  • Version: 1.0
  • Target: Microsoft Windows
  • Category: Remote Access

Description

  1. Adds a user account (OMG_User:OMG_P@ssW0rD).
  2. Adds this local user to local administrator group.
  3. Enables "Windows Remote Management" with default settings.
  4. Adds a rule to the firewall.
  5. Sets a value to "LocalAccountTokenFilterPolicy" to disable "UAC" remote restrictions.
  6. Hides this user account.

Exploitation

The connection identifiers will be those defined by the values : OMG_User and OMG_P@ssW0rD.

hacker@hacker-computer:~$ evil-winrm --ip <TARGET> --user OMG_User --password 'OMG_P@ssW0rD'
*Evil-WinRM* PS C:\Users\OMG_User\Documents> whoami
desktop-xxxxxxx\omg_user