From 5c2bcc03644fbd8e90aef1ac922f6e3c27f923ed Mon Sep 17 00:00:00 2001
From: worawit
Date: Tue, 25 Jul 2017 21:22:37 +0700
Subject: [PATCH] add trivial comment
---
 zzz_exploit.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/zzz_exploit.py b/zzz_exploit.py
index 6b40510..695df6a 100644
--- a/zzz_exploit.py
+++ b/zzz_exploit.py
@@ -898,6 +898,9 @@ def smb_pwn(conn, arch):
 #smb_send_file(smbConn, sys.argv[0], 'C', '/exploit.py')
 #service_exec(conn, r'cmd /c copy c:\pwned.txt c:\pwned_exec.txt')
+ # Note: there are many methods to get shell over SMB admin session
+ # a simple method to get shell (but easily to be detected by AV) is
+ # executing binary generated by "msfvenom -f exe-service ..."
 def smb_send_file(smbConn, localSrc, remoteDrive, remotePath):
 with open(localSrc, 'rb') as fp:
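Review bot: The three added comment lines are ungrammatical and run together as one unpunctuated sentence, which makes the AV caveat easy to misread. I would reword them as `# Note: there are many ways to get a shell over an SMB admin session.`, `# A simple one (though easily detected by AV) is to execute a binary`, `# generated by "msfvenom -f exe-service ...".`. The note also sits after two commented-out calls at the tail of smb_pwn with no code following it, so a reader cannot tell which step it annotates; placing it directly above the commented-out `service_exec` line would tie it to the call it appears to describe. smb_pwn begins outside this hunk and smb_send_file continues past it, so the exact placement should be checked against the full function.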