Windows Post Exploitation
PowerShell script to mine Bitcoins with IE in the background
A PowerShell Post-Exploitation Framework
Windows traffic sniffing for low level accounts
PowerShell script for finding vulnerable settings in AD Group Policy
Kill Event Tracing for Windows (ETW)
Searching emails in a Microsoft Exchange environment. It can be used as a non-administrative user to search their own email, or by an Exchange administrator to search the mailboxes of every user in a domain.
Windows Bootkit
A portable console aimed at making pentesting with PowerShell a little easier.
Obfuscating PSAttack
Pivoting
Hashes/Passwords
Retrieving NTLM Hashes without Touching LSASS
Windows Credentials Editor
PowerShell script for discovery of privileged accounts
Decrypt Passwords stored on Windows
Audit and attack Active Directory environments that have deployed Microsoft's Local Administrator Password Solution (LAPS).
Extract plaintext passwords, hashes, PIN codes and Kerberos tickets from memory and perform pass-the-hash, pass-the-ticket or build Golden Tickets.
Persistence
Windows Userland Persistence Fundamentals
PowerShell PE injection
Use PowerShell to download an exe and execute it in memory
Obfuscate downloading exe
Remote Administration Tool for Windows
Get wireless keys (saved Wi-Fi profile passphrases, shown in clear text):
netsh wlan show profile name="ssid" key=clear
Passwords
Windows Credential Vault is often used to store saved passwords. https://rastamouse.me/2017/08/jumping-network-segregation-with-rdp/