Forwarded from UNDERCODE COMMUNITY
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#Resources for Windows-based Assessments 2020 v
#Tools used for Windows-based Assessments
- PowerShell Empire
- CimSweep
- Responder - A LLMNR, NBT-NS and MDNS poisoner
- BloodHound - Six Degrees of Domain Admin
- AD Control Path - Active Directory Control Paths auditing and graphing tools
- PowerSploit - A PowerShell Post-Exploitation Framework
- PowerView - Situational Awareness PowerShell framework
- PowerSCCM - Functions to facilitate connections to and queries from SCCM databases and WMI interfaces for both offensive and defensive applications.
- Empire - PowerShell and Python post-exploitation agent
- Mimikatz - Utility to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory but also perform pass-the-hash, pass-the-ticket or build Golden tickets
- UACME - Defeating Windows User Account Control
- Windows System Internals - (Including Sysmon etc.)
- Hardentools - Collection of simple utilities designed to disable a number of "features" exposed by Windows
- CrackMapExec - A swiss army knife for pentesting Windows/Active Directory environments
#Additional Resources
- PaulSec Windows Resource Repository
- Tools Cheatsheets - (Beacon, PowerView, PowerUp, Empire, ...)
- SANS PowerShell Cheat Sheet
- The Active Directory module for Windows PowerShell is a PowerShell module that consolidates a group of cmdlets.
>git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#Resources for Windows-based Assessments 2020 v
#Tools used for Windows-based Assessments
- PowerShell Empire
- CimSweep
- Responder - A LLMNR, NBT-NS and MDNS poisoner
- BloodHound - Six Degrees of Domain Admin
- AD Control Path - Active Directory Control Paths auditing and graphing tools
- PowerSploit - A PowerShell Post-Exploitation Framework
- PowerView - Situational Awareness PowerShell framework
- PowerSCCM - Functions to facilitate connections to and queries from SCCM databases and WMI interfaces for both offensive and defensive applications.
- Empire - PowerShell and Python post-exploitation agent
- Mimikatz - Utility to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory but also perform pass-the-hash, pass-the-ticket or build Golden tickets
- UACME - Defeating Windows User Account Control
- Windows System Internals - (Including Sysmon etc.)
- Hardentools - Collection of simple utilities designed to disable a number of "features" exposed by Windows
- CrackMapExec - A swiss army knife for pentesting Windows/Active Directory environments
#Additional Resources
- PaulSec Windows Resource Repository
- Tools Cheatsheets - (Beacon, PowerView, PowerUp, Empire, ...)
- SANS PowerShell Cheat Sheet
- The Active Directory module for Windows PowerShell is a PowerShell module that consolidates a group of cmdlets.
>git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
PowerShell Empire
Building an Empire with PowerShell
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Patch for wordpress 2020- to httaccess against 30% of sql :
1οΈβ£Open .httaccess
2οΈβ£add those lines :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|Γͺ|"|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
RewriteCond %{HTTP_COOKIE} !^.*WordPress_logged_in_.*$
RewriteRule ^(.*)$ - [F,L]
</IfModule>
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Patch for wordpress 2020- to httaccess against 30% of sql :
1οΈβ£Open .httaccess
2οΈβ£add those lines :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|Γͺ|"|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
RewriteCond %{HTTP_COOKIE} !^.*WordPress_logged_in_.*$
RewriteRule ^(.*)$ - [F,L]
</IfModule>
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β