# Windows penetration testing related scripts, tools and Cheatsheets

- **awareness.bat** - Little and quick Windows situational-awareness set of commands to execute after gaining an initial foothold (coming from APT34: https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html ) (gist)
- **Force-PSRemoting.ps1** - Forcefully enable WinRM / PSRemoting. (gist)
- **GlobalProtectDisable.cpp** - GlobalProtect VPN application patcher allowing the Administrator user to disable the VPN without a passcode. (gist) The steps are as follows:
  - Launch the application as an Administrator
  - Read the instructions carefully and press OK
  - Right-click on the GlobalProtect tray icon
  - Select "Disable"
  - Enter some random meaningless password

  After those steps GlobalProtect disables itself cleanly. From then on it remains disabled until you reboot the machine (or restart the PanGPA.exe process or the PanGPS service).
- **impacket-binaries.sh** - Simple one-liner that downloads all of the Windows EXE Impacket binaries published in the Impacket Binaries repo. (gist)
- **pth-carpet.py** - Pass-The-Hash carpet bombing utility: tries every provided hash against every specified machine. (gist)
- **revshell.c** - Utterly simple reverse shell, ready to be compiled by mingw-w64 on Kali. No security features attached, completely not OPSEC-safe.
- **Simulate-DNSTunnel.ps1** - Performs a DNS tunnelling simulation for the purpose of triggering installed network IPS and IDS systems, generating SIEM offenses and alerting Blue Teams.
- **win-clean-logs.bat** - Batch script to hide malware execution on a Windows box. Source: Mandiant M-Trends 2017. (gist)