perfecto25

get_params(){

    PARAMS=""
    while (( "$#" )); do
    case "$1" in
           
        ## RESET - boolean
        -r|--reset)
        RESET=true
        shift

CoreyMSchafer

# token.pickle stores the user's credentials from previously successful logins
if os.path.exists('token.pickle'):
    print('Loading Credentials From File...')
    with open('token.pickle', 'rb') as token:
        credentials = pickle.load(token)


# Google's Request
from google.auth.transport.requests import Request

SwitHak

CVE-2020-0601 AKA ChainOfFools OR CurveBall

General

• Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
• The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
• The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

• NSA description:
• NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.

HarmJ0y

# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
#   tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
#   https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

# New function naming schema:
#   Verbs:
#       Get : retrieve full raw data sets
#       Find : ‘find’ specific data entries in a data set

jhaddix

.
..
........
@
*
*.*
*.*.*
🐎

unfo

A few tips for OSCP

1. Doing all of the exercises is important since you will discover low-hanging fruit from the labs based on the recon you do with the different tools in the exercises.
2. Be wary of doing full /24 range port scans, especially for anything more than a few TCP ports. The machines might be in all sorts of broken states left by students etc.
3. When starting to recon a specific machine:

• Revert
• Port scan
• Try to identify services

Those steps in that order are important. You want a fresh state for the machine and you want to do just simple port scanning first because doing nmap's service scanning or nse scripts might send payloads that actually crash services. So be careful.

jaredcatkinson

function Get-InjectedThread
{
    <# 
    
    .SYNOPSIS 
    
    Looks for threads that were created as a result of code injection.
    
    .DESCRIPTION
    

unfo

How to pass the OSCP

1. Recon
2. Find vuln
3. Exploit
4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

DanyHenriquez

echo -e "\nHidden=true\n"|sudo tee --append /etc/xdg/autostart/tracker-extract.desktop
echo -e "\nHidden=true\n"|sudo tee --append /etc/xdg/autostart/tracker-miner-apps.desktop
echo -e "\nHidden=true\n"|sudo tee --append /etc/xdg/autostart/tracker-miner-fs.desktop
echo -e "\nHidden=true\n"|sudo tee --append /etc/xdg/autostart/tracker-miner-user-guides.desktop
echo -e "\nHidden=true\n"|sudo tee --append /etc/xdg/autostart/tracker-store.desktop

gsettings set org.freedesktop.Tracker.Miner.Files crawling-interval -2
gsettings set org.freedesktop.Tracker.Miner.Files enable-monitors false

tracker reset --hard

HarmJ0y

# NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/)
#   has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993

# get all the groups a user is effectively a member of, 'recursing up'
Get-NetGroup -UserName <USER>

# get all the effective members of a group, 'recursing down'
Get-NetGroupMember -GoupName <GROUP> -Recurse

# get the effective set of users who can administer a server