In this scenario, we assume that we have a reverse shell to the victim’s machine and want persistence on it. For this, we will use Windows services. First, we create a malicious .exe file called mal.exe with msfvenom. With this payload, we will be able to create

Modules typically work in PowerShell directly. The Get-Module command lists the modules that are already imported, and Get-Module -ListAvailable shows the modules available on the system. Any additional module we want to use must be imported first. Once we import a module, all of its commands become usable. We will

With the Zone Identifier, we can tell whether a file was downloaded from the internet or not. A file's Zone.Identifier is an ADS (Alternate Data Stream) that contains information about the file it is attached to: it records the security zone the file came from. Zone identifier streams are generated by Internet Explorer and Outlook

“... a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. It

    # Defines a global wget function that downloads a page through an authenticated proxy
    function global:wget($Address, [switch]$NoCache) {
        $client = New-Object Net.WebClient
        # Proxy address and credentials are placeholders from the original post
        $proxy = New-Object System.Net.WebProxy "10.0.0.10:8080"
        $proxy.Credentials = New-Object System.Net.NetworkCredential ("DOMAIN\user", "password")
        $client.Proxy = $proxy
        $client.Headers.Add("user-agent", "Windows Powershell WebClient Header")
        if ($NoCache) {
            # Doesn't use the cache at all
            $client.CachePolicy = New-Object Net.Cache.RequestCachePolicy([Net.Cache.RequestCacheLevel]::NoCacheNoStore)
        }
        $client.DownloadString($Address)
    }
    wget -Address "http://www.be4sec.com" -NoCache