Windows
Restore a Windows password after a password reset: in case you didn't know how to restore the user password after a password reset (get the previous hash with DCSync)
Telegram Desktop Session Stealer (Windows)
Embeds a PowerShell script in the pixels of a PNG file
Exchange Web Services Office 365 Bruteforcer
UAC Bypassing
Exploit default Windows configuration by replying to DHCPv6 messages, providing victims with a link-local IPv6 address and setting the attacker's host as default DNS server.
WinLogon Windows 7 x64 COM Hijack
PowerShell-based Windows Security Auditing Toolbox
Inject jobs into the Background Intelligent Transfer Service queue, allowing arbitrary program execution as the NT AUTHORITY\SYSTEM account
A tool to abuse Exchange services
Windows 10 slim edition
SMB
SMB Relay Attack Script
Automated script to search the SMB protocol for available pipe names
https://github.com/byt3bl33d3r/CrackMapExec
Metasploit module to exploit the EternalBlue-DoublePulsar vulnerability.
Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment
Graph the AD users and computers and their permissions
GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.
PowerShell Pass The Hash Utils
Kiosk Mode
Sticky Keys Backdoor:
1. Copy C:\Windows\System32\Utilman.exe to Utilman.exe.bak
2. Copy C:\Windows\System32\cmd.exe to Utilman.exe
3. Hit Windows + U at the login screen