mgeeky-Penetration-Testing-.../windows/README.md

2.1 KiB

  • awareness.bat - Little and quick Windows Situational-Awareness set of commands to execute after gaining initial foothold (coming from APT34: https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html ) (gist)

  • Force-PSRemoting.ps1 - Forcefully enable WinRM / PSRemoting. gist

  • GlobalProtectDisable.cpp - Global Protect VPN Application patcher allowing the Administrator user to disable VPN without Passcode. (gist)

    Steps are following:

    1. Launch the application as an Administrator
    2. Read instructions carefully and press OK
    3. Right-click on GlobalProtect tray-icon
    4. Select "Disable"
    5. Enter some random meaningless password

    After those steps - the GlobalProtect will disable itself cleanly. From now on, the GlobalProtect will remain disabled until you reboot the machine (or restart the PanGPA.exe process or PanGPS service).

  • impacket-binaries.sh - Simple one-liner that downloads all of the Windows EXE impacket binaries put out in Impacket Binaries repo. gist

  • pth-carpet.py - Pass-The-Hash Carpet Bombing utility - trying every provided hash against every specified machine. (gist)

  • revshell.c - Utterly simple reverse-shell, ready to be compiled by mingw-w64 on Kali. No security features attached, completely not OPSEC-safe.

  • Simulate-DNSTunnel.ps1 - Performs DNS Tunnelling simulation for purpose of triggering installed Network IPS and IDS systems, generating SIEM offenses and picking up Blue Teams.

  • win-clean-logs.bat - Batch script to hide malware execution from Windows box. Source: Mandiant M-Trends 2017. (gist)