<aside> 📌 Summary
</aside>
<aside> 📦 box
</aside>
With anonymous FTP login, we may be able to put and delete files. In the Devel box we use this to put files in the web directory and access them later through the web server.
ftp 10.10.10.5
put ./local_file.txt ./remote_file.txt
For IIS, *.aspx webshells are the most likely choice when file access is available.
Find an aspx webshell at /usr/share/webshells/aspx on a Kali machine or on the internet (e.g. https://github.com/borjmz/aspx-reverse-shell/).
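Seen from the defending side, this path leaves a clear trail: an anonymous FTP upload of a script file, followed by an HTTP request for the same path. The following is an added example, not part of the original notes, that correlates the two logs; it assumes the FTP root is the web root (as on this box), and the field lists, user names and log lines are constructed samples.

```python
import os

SCRIPT_EXTS = {".aspx", ".asp", ".ashx", ".asmx"}   # extensions IIS may execute
ANON_USERS = {"anonymous", "ftp"}                   # assumed anonymous login names

# Constructed sample logs in W3C extended format (documentation IP ranges).
FTP_LOG = """#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem sc-status
2024-01-01 10:00:01 192.0.2.10 anonymous 198.51.100.5 21 STOR /notes.txt 226
2024-01-01 10:00:09 192.0.2.10 anonymous 198.51.100.5 21 STOR /upload.aspx 226
2024-01-01 10:02:00 192.0.2.77 alice 198.51.100.5 21 STOR /default.aspx 226
"""
HTTP_LOG = """#Fields: date time s-ip cs-method cs-uri-stem s-port c-ip sc-status
2024-01-01 09:59:00 198.51.100.5 GET /upload.aspx 80 192.0.2.44 404
2024-01-01 10:00:30 198.51.100.5 GET /upload.aspx 80 192.0.2.10 200
2024-01-01 10:03:00 198.51.100.5 GET /default.aspx 80 192.0.2.50 200
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields: directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            yield dict(zip(fields, line.split()))

def find_anonymous_script_uploads(ftp_log, http_log):
    """Anonymous FTP uploads of script files, each with later HTTP requests for it."""
    uploads = {}
    for r in parse_w3c(ftp_log):
        path = r.get("cs-uri-stem", "").lower()
        if (r.get("cs-method", "").upper() == "STOR" and r.get("sc-status") == "226"
                and r.get("cs-username", "").lower() in ANON_USERS
                and os.path.splitext(path)[1] in SCRIPT_EXTS):
            uploads[path] = {"path": path, "uploaded": f"{r.get('date')} {r.get('time')}",
                             "uploader": r.get("c-ip"), "http_hits": []}
    for r in parse_w3c(http_log):
        hit = uploads.get(r.get("cs-uri-stem", "").lower())
        when = f"{r.get('date')} {r.get('time')}"
        # Timestamps in YYYY-MM-DD HH:MM:SS form sort correctly as strings.
        if hit and when >= hit["uploaded"]:
            hit["http_hits"].append((when, r.get("c-ip"), r.get("sc-status")))
    return list(uploads.values())

if __name__ == "__main__":
    for finding in find_anonymous_script_uploads(FTP_LOG, HTTP_LOG):
        print(finding)
```

The underlying fix is configuration: disable anonymous FTP, or at least keep the FTP root outside any directory the web server executes scripts from.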
<aside> 📦 box
</aside>
After retrieving a shell, get system information with systeminfo.
whoami and hostname may be helpful too.
To grep on Windows, pipe the output into findstr:
systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System Type"
Get info on recent patches and updates by running wmic qfe. It may not be installed on every Windows machine.
wmic qfe get Caption,Description,HotFixID,InstalledOn
Look for other drives with wmic logicaldisk
wmic logicaldisk get caption,description,providername