Miscellaneous Tips and Tricks

All the tricks that couldn’t be classified somewhere else.

Send a message to another user #

# Windows
PS C:\> msg Swissky /SERVER:CRASHLAB "Stop rebooting the XXXX service !"
PS C:\> msg * /V /W /SERVER:CRASHLAB "Hello all !"

# Linux
$ wall "Stop messing with the XXX service !"
$ wall -n "System will go down for 2 hours maintenance at 13:00 PM"  # "-n" only for root
$ who
$ write root pts/2	# press Ctrl+D  after typing the message. 

CrackMapExec Credential Database #

cmedb (default) > workspace create test
cmedb (test) > workspace default
cmedb (test) > proto smb
cmedb (test)(smb) > creds
cmedb (test)(smb) > export creds csv /tmp/creds

Local Windows Enumeration #

netstat #

  • -a # all active and listening connections
  • -b # find the binaries involved in the connections
  • -n # don’t resolve IPs to hostnames
  • -o # display the process ID involved in the connections
C:\>netstat -abno

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP                 LISTENING       2016    [sshd.exe]
  TCP                LISTENING       924     RpcSs [svchost.exe]
  TCP                LISTENING       4       Can not obtain ownership information
  TCP               LISTENING       416     TermService [svchost.exe]
  TCP       ESTABLISHED     2016    [sshd.exe]
  TCP       ESTABLISHED     2016    [sshd.exe]