Post-Exploitation

Enumerate RDP Users Group

Get-NetLocalGroupMember -ComputerName ACADEMY-EA-MS01 -GroupName "Remote Desktop Users"

Enumerate WinRM Group

Get-NetLocalGroupMember -ComputerName ACADEMY-EA-MS01 -GroupName "Remote Management Users"

SQL Server

# Import Module
Import-Module .\PowerUpSQL.ps1

# Enumerate SQL Instance
Get-SQLInstanceDomain

# mssqlcient
 mssqlclient.py INLANEFREIGHT/DAMUNDSEN@172.16.5.150 -windows-auth

PreviousBleeding Edge Vulnerabilities NextAccess Control Lists and Entries (ACL & ACE)

Last updated 6 months ago