Windows Exploits
Windows Exploit Suggester
https://github.com/bitsadmin/wesng
./wes.py --updatesysteminfo > systeminfo.txtwes.py systeminfo.txtGet-HotFix | Sort-Object InstalledOn -DescendingPowerShell Windows Exploit Tools
Search DIRECTORY for files that contain STRING
ls -r c:\PATH\TO\DIRECTORY -file | % {Select-String -path $_ -pattern STRING}CMD.exe Windows Exploit Tools
Configure a Windows machine as a WPA2-PSK Access Point
netsh wlan set hostednetwork mode=allow ssid=<MYSSID> key=<MYPASSWORD> && netsh wlan start hostednetworkConfigure a TCP port forwarding relay from IPv4 to IPv6
netsh interface portproxy add v4tov6 listenport=<LPORT> listenaddress=0.0.0.0 connectport=<RPORT> connectaddress=<RHOST>Mount Remote Network Share
net use X: \\IP_Address\c$Add New User to Current Host
net user <UserName> <Password> /addAdd User to Local Admin Group
net localgroup Administrators <UserName> /addEnumerate presence of files with SID access of User on ACLs of c:
icacls c:\*. /findsid <UserName> /t /c /lPython
Python Web Client: download file/webpage to file
import urllib.request; urllib.request.urlretrieve("http://google.com","/google.html")Python Web Server: serve up current directory on port 8000
-m http.server 8000Privilege Escalation
Password Tools
pwdump
cachedump
lsadump
metasploit's psexec_psh
load kiwi
https://github.com/gentilkiwi/mimikatz
Last updated
Was this helpful?