This commit is contained in:
Stefan Friese 2021-09-27 23:01:32 +02:00
parent 3800d3b247
commit 80b94f4663
3 changed files with 47 additions and 11 deletions


@ -65,11 +65,30 @@ Get-ChildItem -Path C:\ -Recurse -Include *.txt -ErrorAction SilentlyContinue |
```sh ```sh
Get-HotFix | Format-list | findstr <searchstring> Get-HotFix | Format-list | findstr <searchstring>
``` ```
```sh
Get-ChildItem -Hidden -Recurse -ErrorAction SilentlyContinue
```
* Find backup files
```sh
Get-ChildItem -Path C:\ -Recurse -Include *.bak* -ErroAction SilentlyContinue
```
* Find file contents
```sh
Get-ChildItem -Path C:\* -Recurse | Select-String -pattern API_KEY
```
## Showing File Content ## Showing File Content
``` ```
Get-Content 'C:\Program Files\interesting-file.txt' Get-Content 'C:\Program Files\interesting-file.txt'
``` ```
* Indexing lines
```sh
(Get-Content -Path file.txt)[index]
```
* Search
```sh
Select-String <filename> -Pattern <pattern>
```
## Copy File Content ## Copy File Content
```sh ```sh
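Review bot: the "Find backup files" command in this hunk will not run as written: `-ErroAction` is a typo for `-ErrorAction`, and PowerShell rejects an unknown parameter rather than ignoring it, so the search fails before touching the filesystem. The "Find file contents" line has a related rough edge: `Get-ChildItem -Path C:\* -Recurse` also emits directory objects, which `Select-String` cannot read, so the pipeline prints errors between matches; adding `-File` (and `-ErrorAction SilentlyContinue` to match the neighbouring commands) keeps the output to actual hits. Minor: the fence under "Showing File Content" is untagged while every other fence in the hunk uses ```` ```sh ````.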
@ -79,7 +98,12 @@ Copy-Item <sourcefile> <destfile>
## Count Lines of Output ## Count Lines of Output
As an example, count all cmdlets on the system As an example, count all cmdlets on the system
``` ```
Get-Command | Where-Object CommandType -eq CmdLet | Measure-Object Get-Command | Where-Object CommandType -eq CmdLet | Measure-Object
```
## Count Words
```
Get-Command | Where-Object CommandType -eq CmdLet | Measure-Object -Word
``` ```
## Checksum of File ## Checksum of File
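Review bot: the new "Count Words" section has no explanatory sentence, unlike the "Count Lines of Output" section directly above it, and its fence is untagged where the rest of the file uses ```` ```sh ````. It is also worth stating what is being counted: `Measure-Object -Word` measures the string form of each piped object, so feeding it `Get-Command` output counts words in the command objects' string representation, not words in the formatted table a reader sees. If the intent is the latter, `Get-Command | Where-Object CommandType -eq CmdLet | Out-String -Stream | Measure-Object -Word` makes that explicit.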
@ -160,16 +184,6 @@ Get-Hotfix
Get-Hotfix | Where-Object -Property HotFixID -Match KB124284 Get-Hotfix | Where-Object -Property HotFixID -Match KB124284
``` ```
### Find files and Content
* Find backup files
```
Get-ChildItem -Path C:\ -Recurse -Include *.bak* -ErroAction SilentlyContinue
```
* Find file contents
```
Get-ChildItem -Path C:\* -Recurse | Select-String -pattern API_KEY
```
### Processes ### Processes
* Start processes * Start processes
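Review bot: the "Find files and Content" section removed here is the one re-added in the first hunk of this commit, and the `-ErroAction` typo travels with it unchanged, so the move is a good moment to fix it at the destination. The removal itself is consistent with the relocation; nothing else in the block is lost.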
@ -190,6 +204,16 @@ or
Get-ScheduledTask -TaskName taskname Get-ScheduledTask -TaskName taskname
``` ```
### Alternate Data Stream(ADS)
* Show ADS
```sh
Get-Item -Path file.exe -Stream *
```
* Open ADS
```sh
wmic process call create $(Resolve-Path file.exe:streamname)
```
### Export Output ### Export Output
* Export as CSV * Export as CSV
```sh ```sh
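Review bot: the "Open ADS" label does not describe what the command does: `wmic process call create` launches whatever the stream resolves to as a new process, whereas reading a stream's content is `Get-Content -Path file.exe -Stream streamname`; the entry should say which of the two it means, since listing and reading streams is the usual inspection step and should not be confused with executing them. Two further points: `wmic` is deprecated by Microsoft and absent from recent Windows builds, so the snippet will not work everywhere, and the heading needs a space: `### Alternate Data Stream (ADS)`.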


@ -0,0 +1,9 @@
# Volume Shadow Copy Service
## Usage
```sh
vssadmin list volumes
```
```sh
vssadmin list shadows
```
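Review bot: the new Volume Shadow Copy file gives two commands under "Usage" without saying what they return or what they require. Both `vssadmin list volumes` and `vssadmin list shadows` need an elevated prompt (they fail with an access error otherwise), and a one-line description of each (volumes eligible for shadow copies vs. the existing shadow copies with their creation time and ID) would match the style of the other files in this repo, which pair each snippet with a bullet describing it.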


@ -58,6 +58,9 @@ This may be used for path traversal
``` ```
Check return value of the form for result. Check return value of the form for result.
## Tricks
* `localtest.me` resolves to `127.0.0.1`, may be used to extend a domain inside a parameter to redirect to localhost.
## Tools ## Tools
* [Payload All The Things](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery#file) * [Payload All The Things](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery#file)
* https://requestbin.com * https://requestbin.com
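Review bot: the new "Tricks" bullet is hard to parse ("may be used to extend a domain inside a parameter to redirect to localhost"); it should state plainly that `localtest.me` and any subdomain of it resolve to `127.0.0.1` via public DNS, which is what makes it useful in testing. That wording also points at the defensive takeaway the section could carry: a hostname filter that checks the literal string never catches this, so the server-side check has to resolve the name and reject loopback and private ranges after resolution. Note too that this relies on an external DNS record the project does not control.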