This repo contains all the notes collected while preparing for the OSCP (see the wiki) and the list of tools collected for the different phases of a penetration test.
The sources of the scripts have not been added, to avoid redundancy, outdated copies and copyright problems. Instead, links to the projects and repos from which each tool can be downloaded have been added.
Select your preferred tools, download them from their respective repos, run the script to start the web server, and you are ready to load the tools onto the compromised target.
Build your own collection of tools for the post exploitation phase!
Simple script to scan ports with python (portScanner.py). A connect timeout is set on every socket, otherwise a single filtered port can hang the whole scan:
from socket import *
import sys

if len(sys.argv) < 2:
    print('USAGE: portScanner.py <target> [<port1> ... <portN>]')
    exit(1)
elif len(sys.argv) > 2:
    ports = sys.argv[2:]
else:
    ports = [21, 22, 23, 25, 80, 443, 445, 3389, 8000, 8080]

t_IP = gethostbyname(sys.argv[1])
print('Starting scan against host: ', t_IP)
for i in ports:
    s = socket(AF_INET, SOCK_STREAM)  # create a new socket every time to avoid problems
    s.settimeout(2)  # do not block forever on filtered ports
    conn = s.connect_ex((t_IP, int(i)))  # 0 means the TCP handshake completed
    if conn == 0:
        print('Port %d: OPEN' % (int(i),))
    s.close()
Put some reverse shells into this folder (revShell). Create them with different ports so that they can be used as needed. You can find commands for generating reverse shells on the wiki.
- php:
php -S 0.0.0.0:<port> # bind to all interfaces: "localhost:<port>" would only be reachable from the attacking box, not from the target
- python2:
python -m SimpleHTTPServer <port> # listens on all interfaces by default
- python3:
python3 -m http.server <port> # listens on all interfaces by default; add --directory <dir> to serve another folder
- zip tools and start web server (start_server.sh). The script itself and the web root are excluded from the archive, and the port argument is validated before it is handed to the server:
#!/bin/bash
# usage: start_server.sh [<port>]   (default port: 7000)
[[ "$1" == '-h' ]] && { echo 'start_server.sh [<port>]'; exit 0; }
[[ "$1" == '' ]] && echo '[*] No port specified. Default port will be used (7000)'
PORT="${1:-7000}"
[[ "$PORT" =~ ^[0-9]+$ ]] || { echo "[!] Invalid port: $PORT"; exit 1; }
# create zip
echo '[*] zipping folders...'
rm -f ./*.zip
mkdir -p ./launchpad/ # create web root
rm -r -f ./launchpad/* # if it already exists remove its content
# exclude this script and the web root itself from the archive
if ! zip -r toolbox.zip . -x start_server.sh 'launchpad/*' &> /dev/null; then
echo '[!] Error while zipping folders'
exit 2
fi
# move zip to launchpad
mv toolbox.zip ./launchpad
cd ./launchpad || exit 3
# start web server (listens on all interfaces)
echo "[*] starting server on port $PORT..."
python3 -m http.server "$PORT"
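One caveat with every server above: python3 -m http.server (and php -S 0.0.0.0) answers any host that can reach the port, so on a shared lab or client network the whole toolbox (mimikatz, SharpHound, reverse shells) is downloadable by anyone, including a blue team sensor. The following is an added example, not code from this repo, of the same http.server module restricted to an allowlist of client IPs/subnets; it overrides socketserver's verify_request hook, which silently drops the connection before any HTTP response is sent. The toolbox.zip it serves and the 10.10.10.0/24 subnet are constructed placeholders.

```python
"""Serve a toolbox directory over HTTP, but only to allowlisted clients.

Added example (not part of the original repo). Any IP outside the allowlist
gets its connection closed without a reply, so the listing/download never
happens for unexpected hosts.
"""
import functools
import http.server
import ipaddress
import os
import tempfile
import threading
import urllib.error
import urllib.request


class AllowlistedHTTPServer(http.server.ThreadingHTTPServer):
    """ThreadingHTTPServer that refuses clients whose IP is not in the allowlist."""

    allow_reuse_address = True

    def __init__(self, server_address, handler_class, allowed_networks):
        # Accepts "10.10.10.5" as well as "10.10.10.0/24"; strict=False tolerates host bits.
        self.allowed_networks = [ipaddress.ip_network(n, strict=False) for n in allowed_networks]
        super().__init__(server_address, handler_class)

    def verify_request(self, request, client_address):
        # socketserver calls this before handling; returning False closes the socket
        # without sending any HTTP response (no directory listing, no 403 page).
        client_ip = ipaddress.ip_address(client_address[0])
        if any(client_ip in net for net in self.allowed_networks):
            return True
        print(f"[!] refused connection from {client_ip}")
        return False


def serve_toolbox(directory, allowed_networks, bind="0.0.0.0", port=7000):
    """Start serving `directory` in a background thread; returns the server object."""
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=directory)
    server = AllowlistedHTTPServer((bind, port), handler, allowed_networks)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch(url):
    """Client side: (status, body) on an HTTP reply, (None, None) if the server dropped us."""
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, b""
    except (urllib.error.URLError, OSError):
        # urllib wraps the RemoteDisconnected raised by a dropped connection in URLError
        return None, None


def demo():
    """Run both cases against a constructed web root on the loopback interface."""
    results = {}
    with tempfile.TemporaryDirectory() as webroot:
        with open(os.path.join(webroot, "toolbox.zip"), "wb") as fh:
            fh.write(b"PK-constructed-toolbox")  # constructed placeholder, not a real archive
        # Case 1: the client's own address is allowlisted -> the download succeeds.
        srv = serve_toolbox(webroot, ["127.0.0.1/32"], bind="127.0.0.1", port=0)
        results["allowed"] = fetch(f"http://127.0.0.1:{srv.server_port}/toolbox.zip")
        srv.shutdown()
        srv.server_close()
        # Case 2: only the (hypothetical) target subnet is allowlisted -> loopback client is dropped.
        srv = serve_toolbox(webroot, ["10.10.10.0/24"], bind="127.0.0.1", port=0)
        results["refused"] = fetch(f"http://127.0.0.1:{srv.server_port}/toolbox.zip")
        srv.shutdown()
        srv.server_close()
    return results


if __name__ == "__main__":
    # Real use: serve_toolbox("./launchpad", ["<target ip>/32"], port=7000) and keep the
    # process alive; demo() only exercises both branches locally.
    print(demo())
```

In practice pass the compromised host's address (or the client subnet you are working in) as the allowlist and bind to the interface facing the target; the refusal is logged on the attacking box, which also tells you if something other than your target starts probing the port.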
- mimikatz old (sometimes it is useful) - 2.1.1
- mimikatz new - 2.2.0
- adPEAS
- Invoke-Kerberoast
- kerbrute - x86/x64
- PowerView
- procdump.exe - from the Sysinternals suite (the whole suite is worth having)
- psexec.exe - from the Sysinternals suite (the whole suite is worth having)
- SharpHound
Nginx is a stable, lightweight, standalone web server. No installation is needed on Windows: just run the .exe.