Renamed directory and added new script.

This commit is contained in:
mb 2018-12-18 17:52:33 +01:00
parent bf6833a7cc
commit 27596f5104
26 changed files with 158 additions and 4 deletions

View File

@ -12,7 +12,7 @@ This repository is divided further onto following directories:
- `linux` - Contains linux-based scripts for various purposes. - `linux` - Contains linux-based scripts for various purposes.
- `networks` - Network devices & services Penetration Testing and auditing scripts - `networks` - Network devices & services Penetration Testing and auditing scripts
- `others` - Others related somehow to penetration tests & Audits - `others` - Others related somehow to penetration tests & Audits
- `social-engineering` - Powershell, Visual Basic, js, phishings and other alike candys - `red-teaming` - Powershell, Visual Basic, js, phishings and other alike candys
- `web` - Web-Application auditing, pentesting, fuzzing related. - `web` - Web-Application auditing, pentesting, fuzzing related.
- `windows` - Windows utilities, scripts, exploits. - `windows` - Windows utilities, scripts, exploits.

View File

@ -0,0 +1,113 @@
#requires -version 2
<#
This script launches many PowerView cmdlets and stores their output
in Clixml files for later processing.
Author: Mariusz B. (mgeeky), '18
License: BSD 3-Clause
Required Dependencies: PowerSploit's Recon.psm1
#>
function Export-ReconData
{
$DirName = (Get-Date).ToString("PowerView-MM-dd-yyyy-hh-mm-ss")
New-Item -Name $DirName -ItemType Directory | Out-Null
Write-Output "`n:: Logs to be stored in: $DirName`n"
$ReconModuleCommands = Get-Command -Module Recon
$Commands = @()
$ReconModuleCommands `
| Where-Object {$_.Name -like "Get-Net*"} `
| Select Name `
| ForEach-Object {$Commands += $_.Name}
$Commands += "Invoke-UserHunter -ShowAll"
$Commands += "Invoke-StealthUserHunter -ShowAll"
$Commands += "Invoke-FileFinder -SearchSYSVol"
$Commands += "Invoke-ShareFinder"
$Commands += "Invoke-MapDomainTrust"
$Commands += "Find-GPOLocation"
$Commands += "Get-NetUser -AdminCount"
$Commands += "Find-ForeignUser"
$Commands += "Find-ForeignGroup"
$Commands += "Invoke-FileFinder"
$Commands | ForEach-Object {
$Name = $_
$Name -match "[A-Za-z]+-(.+)" | Out-Null
$FileName = $matches[1] + ".xml"
$FileName = $FileName -replace ' ',''
If ($Name -like "Get-Net*")
{
#$Name = $Name + " -Recurse"
}
Write-Output "--- $Name ---"
$Name | Invoke-Expression | Export-Clixml $DirName\$FileName
Write-Output "Done.`n"
}
}
function Import-ReconData
{
Param
(
[Parameter(Position = 0, Mandatory = $True)]
[ValidateNotNullOrEmpty()]
[String]
$DirName
)
$path = Get-Location
Set-Location -Path $DirName
Get-ChildItem . -Filter *.xml |
Foreach-Object {
$Name = $_.BaseName -replace '-',''
$Results = Import-Clixml -Path "$_"
New-Variable -Name $Name -Force -Value $Results -Scope Global
Write-Output "Loaded `$$Name results."
}
Set-Location -Path $path
}
function Get-ReconData
{
Param
(
[Parameter(Position = 0, Mandatory = $True)]
[ValidateNotNullOrEmpty()]
[String]
$DirName
)
$path = Get-Location
$Variables = Get-Variable
Set-Location -Path $DirName
Get-ChildItem . -Filter *.xml |
Foreach-Object {
$Name = $_.BaseName -replace '-',''
If ($Variables | Where-Object { $_.Name -eq $Name })
{
Write-Output "Previously loaded: `$$Name"
}
}
Set-Location -Path $path
}
Try
{
# You need to be in PowerSploit\Recon directory
Import-Module .\Recon.psm1
}
Catch [System.Exception]
{
exit
}

View File

@ -18,6 +18,50 @@ IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s, [IO.Com
- **`delete-warning-div-macro.vbs`** - VBA Macro function to be used as a Social Engineering trick removing "Enable Content" warning message as the topmost floating text box with given name. ([gist](https://gist.github.com/mgeeky/9cb6acdec31c8a70cc037c84c77a359c)) - **`delete-warning-div-macro.vbs`** - VBA Macro function to be used as a Social Engineering trick removing "Enable Content" warning message as the topmost floating text box with given name. ([gist](https://gist.github.com/mgeeky/9cb6acdec31c8a70cc037c84c77a359c))
- **`Export-ReconData.ps1`** - Powershell script leveraging [PowerSploit Recon](https://github.com/PowerShellMafia/PowerSploit) module (PowerView) to save output from Reconnaissance cmdlets like `Get-Net*`, `Invoke-*` into _Clixml_ files. Those files can later be extracted from attacked environment and loaded to a new powershell runspace using the same script. Very useful when we want to obtain as many data as possible, then exfiltrate that data, review it in our safe place and then get back to attacked domain for lateral spread.
Exposed functions:
- `Export-ReconData` - Launches many cmdlets and exports their Clixml outputs.
- `Import-ReconData -DirName <DIR>` - Loads Clixml previously exported outputs and stores them in Global variables reachable when script terminates.
- `Get-ReconData -DirName <DIR>` - Gets names of variables that were created and contains previously imported data.
```
PS E:\PowerSploit\Recon> Load-ReconData -DirName .\PowerView-12-18-2018-08-30-09
Loaded $FileFinderSearchSYSVol results.
Loaded $FileFinder results.
Loaded $ForeignGroup results.
Loaded $ForeignUser results.
Loaded $GPOLocation results.
Loaded $MapDomainTrust results.
Loaded $NetComputer results.
Loaded $NetDomain results.
Loaded $NetDomainController results.
Loaded $NetDomainTrust results.
Loaded $NetFileServer results.
Loaded $NetForest results.
Loaded $NetForestCatalog results.
Loaded $NetForestDomain results.
Loaded $NetForestTrust results.
Loaded $NetGPO results.
Loaded $NetGPOGroup results.
Loaded $NetGroup results.
Loaded $NetGroupMember results.
Loaded $NetLocalGroup results.
Loaded $NetLoggedon results.
Loaded $NetOU results.
Loaded $NetProcess results.
Loaded $NetRDPSession results.
Loaded $NetSession results.
Loaded $NetShare results.
Loaded $NetSite results.
Loaded $NetSubnet results.
Loaded $NetUserAdminCount results.
Loaded $NetUser results.
Loaded $ShareFinder results.
Loaded $StealthUserHunterShowAll results.
Loaded $UserHunterShowAll results.
```
- **`generateMSBuildPowershellXML.py`** - Powershell via MSBuild inline-task XML payload generation script - To be used during Red-Team assignments to launch Powershell payloads without using `powershell.exe` ([gist](https://gist.github.com/mgeeky/df9f313cfe468e56c59268b958319bcb)) - **`generateMSBuildPowershellXML.py`** - Powershell via MSBuild inline-task XML payload generation script - To be used during Red-Team assignments to launch Powershell payloads without using `powershell.exe` ([gist](https://gist.github.com/mgeeky/df9f313cfe468e56c59268b958319bcb))
Example output **not minimized**: Example output **not minimized**:

@ -1 +0,0 @@
Subproject commit bbb1add73362df40f04860a036926a71b96970c7

@ -1 +0,0 @@
Subproject commit 32992adea5369e661eea6fabbbc95b8284cc2959

@ -1 +0,0 @@
Subproject commit 80e7515ed6aff631b3449e654b67988b1f01baa4