Progress

Scan the valid services

Searching the RCE payload

Create the paylods using msfvenom

Payloads

Get reverse shell

Root.txt

save registry record

back to the attack machine to get the file

samdump2 to dump hash

using john the ripper to brute force the hash

Reference

AttackDefense.com [RCE] - osCommerce

https://nitesculucian.github.io/2018/10/26/attackdefense-com-rce-oscommerce/

Windows Reverse Shells Cheatsheet

Windows Reverse Shells: 10 payloads in 1 different languages !

https://podalirius.net/en/articles/windows-reverse-shells-cheatsheet/

john破解系统密码（windows和kali）_john —format_boy_from_village的博客-CSDN博客

使用john、和samdump2破解window密码Window密码获取方式:使用老毛桃或者大白菜制作U盘启动PE系统可自由复制粘贴CAM和system文件保存在U盘内。或者使用SAMCopyer和SAMInside获取sam和system文件。。。方式：通过window下的sam和system文件获取密码的hash值，使用john破解密码的hash获得密码明文。环境：kali 所需软件：kal..._john —format

https://blog.csdn.net/boy_from_village/article/details/80383419