From 80b94f4663777fee8173ede8ab8f748cda8a1ae8 Mon Sep 17 00:00:00 2001 From: whx Date: Mon, 27 Sep 2021 23:01:32 +0200 Subject: [PATCH] bump --- enumeration/windows/powershell.md | 46 +++++++++++++++++++++++-------- enumeration/windows/vss.md | 9 ++++++ exploit/web/ssrf/ssrf.md | 3 ++ 3 files changed, 47 insertions(+), 11 deletions(-) create mode 100644 enumeration/windows/vss.md diff --git a/enumeration/windows/powershell.md b/enumeration/windows/powershell.md index e801899..96f67f5 100644 --- a/enumeration/windows/powershell.md +++ b/enumeration/windows/powershell.md @@ -65,11 +65,30 @@ Get-ChildItem -Path C:\ -Recurse -Include *.txt -ErrorAction SilentlyContinue | ```sh Get-HotFix | Format-list | findstr ``` +```sh +Get-ChildItem -Hidden -Recurse -ErrorAction SilentlyContinue +``` +* Find backup files +```sh +Get-ChildItem -Path C:\ -Recurse -Include *.bak* -ErroAction SilentlyContinue +``` +* Find file contents +```sh +Get-ChildItem -Path C:\* -Recurse | Select-String -pattern API_KEY +``` ## Showing File Content ``` Get-Content 'C:\Program Files\interesting-file.txt' ``` +* Indexing lines +```sh +(Get-Content -Path file.txt)[index] +``` +* Search +```sh +Select-String -Pattern +``` ## Copy File Content ```sh @@ -79,7 +98,12 @@ Copy-Item ## Count Lines of Output As an example, count all cmdlets on the system ``` -Get-Command | Where-Object CommandType -eq CmdLet | Measure-Object +Get-Command | Where-Object CommandType -eq CmdLet | Measure-Object +``` + +## Count Words +``` +Get-Command | Where-Object CommandType -eq CmdLet | Measure-Object -Word ``` ## Checksum of File @@ -160,16 +184,6 @@ Get-Hotfix Get-Hotfix | Where-Object -Property HotFixID -Match KB124284 ``` -### Find files and Content -* Find backup files -``` -Get-ChildItem -Path C:\ -Recurse -Include *.bak* -ErroAction SilentlyContinue -``` - -* Find file contents -``` -Get-ChildItem -Path C:\* -Recurse | Select-String -pattern API_KEY -``` ### Processes * Start processes @@ -190,6 +204,16 @@ or Get-ScheduledTask -TaskName taskname ``` +### Alternate Data Stream(ADS) +* Show ADS +```sh +Get-Item -Path file.exe -Stream * +``` +* Open ADS +```sh +wmic process call create $(Resolve-Path file.exe:streamname) +``` + ### Export Output * Export as CSV ```sh diff --git a/enumeration/windows/vss.md b/enumeration/windows/vss.md new file mode 100644 index 0000000..80b78d7 --- /dev/null +++ b/enumeration/windows/vss.md @@ -0,0 +1,9 @@ +# Volume Shadow Copy Service + +## Usage +```sh +vssadmin list volumes +``` +```sh +vssadmin list shadows +``` diff --git a/exploit/web/ssrf/ssrf.md b/exploit/web/ssrf/ssrf.md index a26b9bd..b977e8f 100644 --- a/exploit/web/ssrf/ssrf.md +++ b/exploit/web/ssrf/ssrf.md @@ -58,6 +58,9 @@ This may be used for path traversal ``` Check return value of the form for result. +## Tricks +* `localtest.me` resolves to `127.0.0.1`, may be used to extend a domain inside a parameter to redirect to localhost. + ## Tools * [Payload All The Things](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery#file) * https://requestbin.com