So this post is basically about why it is important to use Kerberos instead of NTLM and use SMB Signing as well. NTLM Relaying is a common man-in-the-middle attack with a high success-rate. SMB and NTLM Relaying is dangerous, as
Convert Python to Exe files
Can be useful when you have a priv esc exploit in python but target Windows machine does not have python installed. Most reliable way, that seems to work every time, is compiling the python via PyInstaller on a Windows box.
Transfer files – Windows
Several methods is described here, on how to transfer files between Windows system as victim and attack box. Start HTTP Server on Attack box Start HTTP Server vi Py module
|
1 2 |
python -m SimpleHTTPServer 80 |
Start FTP Server on Attack box Start FTP via
Compiling exploits to Windows on Kali
Compile Win32 exploit with Wine install mingw
|
1 2 3 4 |
wget http://downloads.sourceforge.net/project/mingw/Installer/mingw-get-setup.exe wine mingw-get-setup.exe # (select mingw base and c++, menu -> apply changes, quit) |
|
1 2 |
wine regedit # (HKCU/Environment add string PATH c:\windows;c:\windows\system;c:\MinGW\bin) rm mingw-get-setup.exe |
install some libs mingw needs
|
1 2 |
wget http://gojhonny.com/misc/mingw_bin.zipunzip mingw_bin.zip -d /root/.wine/drive_c/windows/ rm mingw_bin.zip |
running
|
1 2 3 4 |
wine mingw32-gcc.exe foo.c -o foo.exe -lws2_32 wine mingw32-g++.exe foo.cpp -o foo.exe -lws2_32 |