7MS #517: DIY Pentest Dropbox Tips - Part 6

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

Today we're continuing a series we haven't done in a while (click here to see the whole series) all about building and deploying pentest dropboxes for customers. Specifically, we cover:

Auto installing Splashtop
This can be done automatically by downloading your splashtop.exe install and issuing this command:

splashtop.exe prevercheck /s /i confirm_d=0,hidewindow=1,notray=0,req_perm=0,sec_opt=2

Auto installing Ninite
This can be done in a batch script like so:

agent.msi /quiet
ninitepro.exe /select App1 App2 App3 /silent ninite-install-report.txt

The above command installs App1, App2 and App3 silently and logs output to a file called ninite-install-report.txt

Auto installing Uptimerobot monitoring
We do this by first creating a script called c:\uptimerobot.ps1 that makes the "phone home" call to UptimeRobot:

Start-Transcript -Path c:\heartbeat.log -Append
Invoke-Webrequest https://heartbeat.uptimerobot.com/LONG-UNIQUE-STRING -UseBasicParsing
Stop-Transcript

Then we install the scheduled task itself like so:

schtasks.exe /create /tn "Heartbeat" /tr "powershell -noprofile -executionpolicy bypass -file c:\uptimerobot.ps1" /rl highest /f /sc minute /mo 5 /ru "NT AUTHORITY\SYSTEM"