add trivial comment

2017-07-25 21:22:37 +07:00
parent a725492a5a
commit 5c2bcc0364
1 changed files with 3 additions and 0 deletions
--- a/zzz_exploit.py
+++ b/zzz_exploit.py
@@ -898,6 +898,9 @@ def smb_pwn(conn, arch):
 	
 	#smb_send_file(smbConn, sys.argv[0], 'C', '/exploit.py')
 	#service_exec(conn, r'cmd /c copy c:\pwned.txt c:\pwned_exec.txt')
+	# Note: there are many methods to get shell over SMB admin session
+	# a simple method to get shell (but easily to be detected by AV) is
+	# executing binary generated by "msfvenom -f exe-service ..."

 def smb_send_file(smbConn, localSrc, remoteDrive, remotePath):
 	with open(localSrc, 'rb') as fp: