Command Exec / Lateral movement via PsExec-like functionality. Must be running in the context of a privileged user.
CsExec.exe <targetMachine> <serviceName> <serviceDisplayName> <binPath>
Also see TikiService.
Command Exec / Lateral Movement via PowerShell. Creates a PowerShell runspace on a remote target. Must be running in the context of a privileged user.
Usage:
-t, --target=VALUE Target machine
-c, --code=VALUE Code to execute
-e, --encoded Indicates that provided code is base64 encoded
-o, --outstring Append Out-String to code
-r, --redirect Redirect stderr to stdout
-d, --domain=VALUE Domain for alternate credentials
-u, --username=VALUE Username for alternate credentials
-p, --password=VALUE Password for alternate credentials
-h, -?, --help Show Help
Command Exec / Lateral Movement via WMI. Must be running in the context of a privileged user.
Current methods: ProcessCallCreate.
CsWMI.exe <targetMachine> <command> <method>
Also see The Return of Aggressor
Command Exec / Lateral Movement via DCOM. Must be running in the context of a privileged user.
Current Methods: MMC20.Application, ShellWindows, ShellBrowserWindow, ExcelDDE.
Usage:
-t, --target=VALUE Target Machine
-b, --binary=VALUE Binary: powershell.exe
-a, --args=VALUE Arguments: -enc <blah>
-m, --method=VALUE Method: MMC20Application, ShellWindows,
ShellBrowserWindow, ExcelDDE
-h, -?, --help Show Help
Add user/machine/process environment variables.
CsEnv.exe <variableName> <value> <target>
Most code blatently stolen and adapted from:
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4