Windows Exploits
Windows Exploit Suggester
https://github.com/bitsadmin/wesng
./wes.py --update
systeminfo > systeminfo.txt
wes.py systeminfo.txt
List installed hotfixes, newest first (alternative input for patch-level checks)
Get-HotFix | Sort-Object InstalledOn -Descending
PowerShell Windows Exploit Tools
Search DIRECTORY for files that contain STRING
ls -r c:\PATH\TO\DIRECTORY -file | % {Select-String -path $_ -pattern STRING}
CMD.exe Windows Exploit Tools
Configure a Windows machine as a WPA2-PSK Access Point
netsh wlan set hostednetwork mode=allow ssid=<MYSSID> key=<MYPASSWORD> && netsh wlan start hostednetwork
Configure a TCP port forwarding relay from IPv4 to IPv6
netsh interface portproxy add v4tov6 listenport=<LPORT> listenaddress=0.0.0.0 connectport=<RPORT> connectaddress=<RHOST>
Mount Remote Network Share
net use X: \\<RHOST>\c$
Add New User to Current Host
net user <UserName> <Password> /add
Add User to Local Admin Group
net localgroup Administrators <UserName> /add
Find files and directories on C: whose ACLs contain an entry for a given user (matched by SID)
icacls c:\*. /findsid <UserName> /t /c /l
Python
Python Web Client: download file/webpage to file
import urllib.request; urllib.request.urlretrieve("http://google.com","/google.html")
Python Web Server: serve up current directory on port 8000
python3 -m http.server 8000
Privilege Escalation
Password Tools
pwdump
cachedump
lsadump
metasploit's psexec_psh
load kiwi
https://github.com/gentilkiwi/mimikatz