PHP4 COM function (Windows version): FULL
PART 2
For the last identifier, note that finding the correct object identifier name is not easy. If you cannot access the VBA documentation, you can look in the Windows registry: browsing HKEY_CLASSES_ROOT, you will find the names of some applications. Object IDs that are valid on your machine are placed in the CLSID subfolder.
Applications typically provide documentation describing their COM methods and properties. In Office 2000, you can run the program, open the VBA editor, and select the Object Browser. Enter a method name or property name from the application's library, then right-click a class or member name in the window below and choose Help to get a description of that class or member. You can also refer to MSDN. An Excel example is as follows: http://msdn.microsoft.com/library/officedev/off2000/xltocobjectmodelapplication.htm
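An added example (not part of the original post) of the registry lookup described above: this PowerShell function lists the names under HKEY_CLASSES_ROOT that have a CLSID subkey and shows the server binary registered for each. The function name Get-ComProgId and the 'Word.*' and 'Excel.*' filters are assumptions chosen for illustration.

```powershell
# Added example: Get-ComProgId is a hypothetical helper name, not a built-in cmdlet.
function Get-ComProgId {
    param(
        # Wildcard matched against the name under HKEY_CLASSES_ROOT
        [string]$Filter = 'Word.*'
    )
    $hkcr = 'Registry::HKEY_CLASSES_ROOT'
    Get-ChildItem -Path $hkcr -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like $Filter } |
        ForEach-Object {
            $progId   = $_.PSChildName
            $clsidKey = "$hkcr\$progId\CLSID"
            # Only names that carry a CLSID subkey are usable object identifiers
            if (-not (Test-Path -LiteralPath $clsidKey)) { return }
            $clsid = (Get-Item -LiteralPath $clsidKey).GetValue('')

            # LocalServer32 = out-of-process EXE, InprocServer32 = in-process DLL
            $server = $null
            foreach ($kind in 'LocalServer32', 'InprocServer32') {
                $serverKey = "$hkcr\CLSID\$clsid\$kind"
                if (Test-Path -LiteralPath $serverKey) {
                    $server = (Get-Item -LiteralPath $serverKey).GetValue('')
                    break
                }
            }
            [pscustomobject]@{ ProgId = $progId; Clsid = $clsid; Server = $server }
        }
}

# The ProgId column holds the string passed to new COM(...) in PHP
Get-ComProgId -Filter 'Word.*'  | Format-Table -AutoSize
Get-ComProgId -Filter 'Excel.*' | Format-Table -AutoSize
```

The Server column also shows which executable or DLL a given identifier starts, which is worth reviewing before allowing a script to instantiate it.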
Operate MS Word with COM functions
Now, let's start the first example:
<?php
# *************************************************
# This example comes from the Zend site, with minor changes
# Open a Word instance and create a new document, "Useless test.doc"
# Enter a line of text
# *************************************************
# Instantiate an object
$word = new COM("word.application") or die("Unable to instantiate Word");
# Get and display the version
print "Loaded Word, version {$word->Version}\n";
# Another way to get the version (com_get() is a PHP 4 function)
$testversion = com_get($word->Application, "Version");
print "Version using com_get(): $testversion\n";
# Make it visible
$word->Visible = 1;
# Create a new file
$word->Documents->Add();
# Write some text
$word->Selection->TypeText("This is a test...");
# Save
$word->Documents[1]->SaveAs("Useless test.doc");
# Close
$word->Quit();
?>
Take a few minutes to read this program and refer to Word's OLE technical documentation, and you will learn almost all the operations you need in your own program.
MS Excel function using PHP's COM
As with the Word example above, you should study this example alongside the documentation in the Object Browser of Excel's Visual Basic Editor.
<?php
# Open a workbook and its sheet.
# This example uses the spreadsheet SOLVSAMP.XLS that comes with the Excel installation
$workbook = 'C:\Program Files\Microsoft office\Office\Samples\SOLVSAMP.XLS';
$sheet = "Quick Tour";
# Instantiate a component object
$ex = new COM("Excel.sheet") or die("Did not connect");
# Get the program name and version
print "Application name: {$ex->Application->value}\n";
print "Loaded version: {$ex->Application->version}\n";
?>
Written by UndercOde
POPULAR CRACKING TOOLS:
https://wpscan.org/
https://nmap.org/
https://cisofy.com/lynis/
https://www.aircrack-ng.org/
https://github.com/vanhauser-thc/THC-Archive
https://www.wireshark.org/
https://github.com/rapid7/metasploit-framework
https://gitlab.com/kalilinux/packages/skipfish/
https://www.paterva.com/web7/buy/maltego-clients.php
https://www.tenable.com/try
https://portswigger.net/burp
https://github.com/iBotPeaches/Apktool
http://sqlmap.org/
https://www.snort.org/#get-started
https://www.sleuthkit.org/autopsy/
https://github.com/securestate/king-phisher
https://gitlab.com/kalilinux/packages/nikto/
https://github.com/tomac/yersinia
https://www.trustedsec.com/social-engineer-toolkit-set/
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
WPScan
WPScan CLI Scanner Install + User Guide
The WPScan CLI tool is a free, for non-commercial use, black box WordPress security scanner written for security professionals and blog maintainers to test the security of their sites.
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory:
Enum Domain Computers:
Get-NetComputer -FullData
Get-DomainGroup
#Enumerate Live machines
Get-NetComputer -Ping
Enum Groups and Group Members:
Get-NetGroupMember -GroupName "<GroupName>" -Domain <DomainName>
#Enumerate the members of a specified group of the domain
Get-DomainGroup -Identity <GroupName> | Select-Object -ExpandProperty Member
#Returns all GPOs in a domain that modify local group memberships through Restricted Groups or Group Policy Preferences
Get-DomainGPOLocalGroup | Select-Object GPODisplayName, GroupName
Enumerate Shares
#Enumerate Domain Shares
Find-DomainShare
#Enumerate Domain Shares the current user has access
Find-DomainShare -CheckShareAccess
Enum Group Policies:
Get-NetGPO
# Shows active Policy on specified machine
Get-NetGPO -ComputerName <Name of the PC>
Get-NetGPOGroup
#Get users that are part of a Machine's local Admin group
Find-GPOComputerAdmin -ComputerName <ComputerName>
Enum OUs:
Get-NetOU -FullData
Get-NetGPO -GPOname <The GUID of the GPO>
Enum ACLs:
# Returns the ACLs associated with the specified account
Get-ObjectAcl -SamAccountName <AccountName> -ResolveGUIDs
Get-ObjectAcl -ADSprefix 'CN=Administrator, CN=Users' -Verbose
#Search for interesting ACEs
Invoke-ACLScanner -ResolveGUIDs
#Check the ACLs associated with a specified path (e.g smb share)
Get-PathAcl -Path "\\Path\Of\A\Share"
Enum Domain Trust:
Get-NetDomainTrust
Get-NetDomainTrust -Domain <DomainName>
Enum Forest Trust:
Get-NetForestDomain
Get-NetForestDomain -Forest <ForestName>
#Domains of Forest Enumeration
Get-NetForestDomain
Get-NetForestDomain -Forest <ForestName>
#Map the Trust of the Forest
Get-NetForestTrust
Get-NetDomainTrust -Forest <ForestName>
User Hunting:
#Finds all machines on the current domain where the current user has local admin access
Find-LocalAdminAccess -Verbose
#Find local admins on all machines of the domain:
Invoke-EnumerateLocalAdmin -Verbose
#Find computers where a Domain Admin OR a specified user has a session
Invoke-UserHunter
Invoke-UserHunter -GroupName "RDPUsers"
Invoke-UserHunter -Stealth
#Confirming admin access:
Invoke-UserHunter -CheckAccess
Available here: https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory:
Get Domain Policy:
Get-DomainPolicy
#Will show us the policy configurations of the Domain about system access or kerberos
(Get-DomainPolicy)."system access"
(Get-DomainPolicy)."kerberos policy"
Get Domain Controllers:
Get-NetDomainController
Get-NetDomainController -Domain <DomainName>
Enumerate Domain Users:
Get-NetUser
Get-NetUser -SamAccountName <user>
Get-NetUser | select cn
Get-UserProperty
#Check last password change
Get-UserProperty -Properties pwdlastset
#Get a specific "string" on a user's attribute
Find-UserField -SearchField Description -SearchTerm "wtver"
#Enumerate user logged on a machine
Get-NetLoggedon -ComputerName <ComputerName>
#Enumerate Session Information for a machine
Get-NetSession -ComputerName <ComputerName>
#Enumerate domain machines of the current/specified domain where specific users are logged into
Find-DomainUserLocation -Domain <DomainName> | Select-Object UserName, SessionFromName
More & source:
https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet