1.8 KiB
Windows penetration testing related scripts, tools and Cheatsheets
-
awareness.bat
- Little and quick Windows Situational-Awareness set of commands to execute after gaining initial foothold (coming from APT34: https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html ) (gist) -
Force-PSRemoting.ps1
- Forcefully enable WinRM / PSRemoting. gist -
GlobalProtectDisable.cpp
- Global Protect VPN Application patcher allowing the Administrator user to disable VPN without Passcode. (gist)Steps are following:
- Launch the application as an Administrator
- Read instructions carefully and press OK
- Right-click on GlobalProtect tray-icon
- Select "Disable"
- Enter some random meaningless password
After those steps - the GlobalProtect will disable itself cleanly. From now on, the GlobalProtect will remain disabled until you reboot the machine (or restart the PanGPA.exe process or PanGPS service).
-
impacket-binaries.sh
- Simple one-liner that downloads all of the Windows EXE impacket binaries put out in Impacket Binaries repo. gist -
pth-carpet.py
- Pass-The-Hash Carpet Bombing utility - trying every provided hash against every specified machine. (gist) -
win-clean-logs.bat
- Batch script to hide malware execution from Windows box. Source: Mandiant M-Trends 2017. (gist)