| .. | ||
| awareness.bat | ||
| Force-PSRemoting.ps1 | ||
| GlobalProtectDisable.cpp | ||
| impacket-binaries.sh | ||
| pth-carpet.py | ||
| README.md | ||
| revshell.c | ||
| Simulate-DNSTunnel.ps1 | ||
| win-clean-logs.bat | ||
Windows penetration testing related scripts, tools and Cheatsheets
-
awareness.bat- Little and quick Windows Situational-Awareness set of commands to execute after gaining initial foothold (coming from APT34: https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html ) (gist) -
Force-PSRemoting.ps1- Forcefully enable WinRM / PSRemoting. gist -
GlobalProtectDisable.cpp- Global Protect VPN Application patcher allowing the Administrator user to disable VPN without Passcode. (gist)Steps are following:
- Launch the application as an Administrator
- Read instructions carefully and press OK
- Right-click on GlobalProtect tray-icon
- Select "Disable"
- Enter some random meaningless password
After those steps - the GlobalProtect will disable itself cleanly. From now on, the GlobalProtect will remain disabled until you reboot the machine (or restart the PanGPA.exe process or PanGPS service).
-
impacket-binaries.sh- Simple one-liner that downloads all of the Windows EXE impacket binaries put out in Impacket Binaries repo. gist -
pth-carpet.py- Pass-The-Hash Carpet Bombing utility - trying every provided hash against every specified machine. (gist) -
revshell.c- Utterly simple reverse-shell, ready to be compiled bymingw-w64on Kali. No security features attached, completely not OPSEC-safe. -
Simulate-DNSTunnel.ps1- Performs DNS Tunnelling simulation for purpose of triggering installed Network IPS and IDS systems, generating SIEM offenses and picking up Blue Teams. -
win-clean-logs.bat- Batch script to hide malware execution from Windows box. Source: Mandiant M-Trends 2017. (gist)