mgeeky-Penetration-Testing-.../windows
mgeeky e1162690ea Simple reverse-shell added. 2019-06-28 13:22:06 +02:00
..
Force-PSRemoting.ps1 Dropped a bunch of various scripts. 2019-01-29 05:19:12 -05:00
GlobalProtectDisable.cpp First 2018-02-02 22:22:43 +01:00
README.md Simple reverse-shell added. 2019-06-28 13:21:31 +02:00
Simulate-DNSTunnel.ps1 Added Simulate-DNSTunnel.ps1 2019-02-19 08:50:44 -05:00
awareness.bat First 2018-02-02 22:22:43 +01:00
impacket-binaries.sh Dropped a bunch of various scripts. 2019-01-29 05:19:12 -05:00
pth-carpet.py First 2018-02-02 22:22:43 +01:00
revshell.c Simple reverse-shell added. 2019-06-28 13:22:06 +02:00
win-clean-logs.bat First 2018-02-02 22:22:43 +01:00

README.md

  • awareness.bat - Little and quick Windows Situational-Awareness set of commands to execute after gaining initial foothold (coming from APT34: https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html ) (gist)

  • Force-PSRemoting.ps1 - Forcefully enable WinRM / PSRemoting. gist

  • GlobalProtectDisable.cpp - Global Protect VPN Application patcher allowing the Administrator user to disable VPN without Passcode. (gist)

    Steps are following:

    1. Launch the application as an Administrator
    2. Read instructions carefully and press OK
    3. Right-click on GlobalProtect tray-icon
    4. Select "Disable"
    5. Enter some random meaningless password

    After those steps - the GlobalProtect will disable itself cleanly. From now on, the GlobalProtect will remain disabled until you reboot the machine (or restart the PanGPA.exe process or PanGPS service).

  • impacket-binaries.sh - Simple one-liner that downloads all of the Windows EXE impacket binaries put out in Impacket Binaries repo. gist

  • pth-carpet.py - Pass-The-Hash Carpet Bombing utility - trying every provided hash against every specified machine. (gist)

  • revshell.c - Utterly simple reverse-shell, ready to be compiled by mingw-w64 on Kali. No security features attached, completely not OPSEC-safe.

  • Simulate-DNSTunnel.ps1 - Performs DNS Tunnelling simulation for purpose of triggering installed Network IPS and IDS systems, generating SIEM offenses and picking up Blue Teams.

  • win-clean-logs.bat - Batch script to hide malware execution from Windows box. Source: Mandiant M-Trends 2017. (gist)