diff --git a/_wadcoms/Crackmapexec-Enum-LDAP.md b/_wadcoms/Crackmapexec-Enum-LDAP.md deleted file mode 100644 index debed4f..0000000 --- a/_wadcoms/Crackmapexec-Enum-LDAP.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -description: | - "CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks." - https://github.com/mpgn/CrackMapExec/wiki. This command will enumerate domain groups, local groups, users, user descriptions, users trusted for delegation, users without a password, You can also use CIDR notation to target a range of ip addresses (i.e. 10.10.10.0/24). - - Command Reference: - - Target IP: 10.10.10.1 - - Username: john - - Password: password123 - -command: | - crackmapexec ldap 10.10.10.1 -u 'john' -p 'password123' --trusted-for-delegation --password-not-required --admin-count --users --groups -items: - - Username - - Password -services: - - LDAP -attack_types: - - Enumeration -OS: - - Linux -references: - - https://github.com/mpgn/CrackMapExec - - https://github.com/mpgn/CrackMapExec/wiki ---- diff --git a/_wadcoms/Crackmapexec-Enum-SMB-Anonymous.md b/_wadcoms/Crackmapexec-Enum-SMB-Anonymous.md deleted file mode 100644 index 6ab6595..0000000 --- a/_wadcoms/Crackmapexec-Enum-SMB-Anonymous.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -description: | - "CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks." - https://github.com/mpgn/CrackMapExec/wiki. This command will enumerate the SMB host using anonymous access. - - Command Reference: - - Target IP: 10.10.10.1 - -command: | - crackmapexec smb 10.10.10.1 -u 'a' -p '' -items: - - No_Creds -services: - - SMB -attack_types: - - Enumeration -OS: - - Linux -references: - - https://github.com/mpgn/CrackMapExec - - https://github.com/mpgn/CrackMapExec/wiki ---- diff --git a/_wadcoms/Crackmapexec-Enum-SMB-Null.md b/_wadcoms/Crackmapexec-Enum-SMB-Null.md deleted file mode 100644 index 7e91068..0000000 --- a/_wadcoms/Crackmapexec-Enum-SMB-Null.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -description: | - "CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks." - https://github.com/mpgn/CrackMapExec/wiki. This command will enumerate the SMB host using a null session. - - Command Reference: - - Target IP: 10.10.10.1 - -command: | - crackmapexec smb 10.10.10.1 -u '' -p '' -items: - - No_Creds -services: - - SMB -attack_types: - - Enumeration -OS: - - Linux -references: - - https://github.com/mpgn/CrackMapExec - - https://github.com/mpgn/CrackMapExec/wiki ---- diff --git a/_wadcoms/Crackmapexec-Enum-SMB-Relay-List.md b/_wadcoms/Crackmapexec-Enum-SMB-Relay-List.md deleted file mode 100644 index 8492ec0..0000000 --- a/_wadcoms/Crackmapexec-Enum-SMB-Relay-List.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -description: | - "CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks." - https://github.com/mpgn/CrackMapExec/wiki. The following command will enumerate a list of SMB hosts with signing not enforced, allowing you to relay credentials to them using ntlmrelayx.py. - - Command Reference: - - SMB Hosts: smb_hosts.txt - -command: | - crackmapexec smb smb_host.txt --gen-relay-list output.txt -items: - - No_Creds -services: - - SMB -attack_types: - - Enumeration -OS: - - Linux -references: - - https://github.com/mpgn/CrackMapExec - - https://github.com/mpgn/CrackMapExec/wiki ---- diff --git a/_wadcoms/Crackmapexec-Enum-SMB.md b/_wadcoms/Crackmapexec-Enum-SMB.md deleted file mode 100644 index 5ddf936..0000000 --- a/_wadcoms/Crackmapexec-Enum-SMB.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -description: | - "CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks." - https://github.com/mpgn/CrackMapExec/wiki. This command will enumerate domain groups, local groups, logged on users, relative identifiers (RIDs), sessions, domain users, SMB shares/permissions, and get the domain password policy. You can also use CIDR notation to target a range of ip addresses (i.e. 10.10.10.0/24). - - Command Reference: - - Target IP: 10.10.10.1 - - Username: john - - Password: password123 - -command: | - crackmapexec smb 10.10.10.1 -u 'john' -p 'password123' --groups --local-groups --loggedon-users --rid-brute --sessions --users --shares --pass-pol -items: - - Username - - Password -services: - - SMB -attack_types: - - Enumeration -OS: - - Linux -references: - - https://github.com/mpgn/CrackMapExec - - https://github.com/mpgn/CrackMapExec/wiki ---- diff --git a/_wadcoms/Crackmapexec-Exec-SMB.md b/_wadcoms/Crackmapexec-Exec-SMB.md deleted file mode 100644 index 8f309f9..0000000 --- a/_wadcoms/Crackmapexec-Exec-SMB.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -description: | - "CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks." - https://github.com/mpgn/CrackMapExec/wiki. This command will execute a powershell command on the target machine if the user has Administrator privileges. using "-x" will execute from cmd. - - Command Reference: - - Target IP: 10.10.10.1 - - Username: john - - Password: password123 - -command: | - crackmapexec smb 10.10.10.1 -u 'john' -p 'password123' -X '$Host' -items: - - Username - - Password -services: - - SMB -attack_types: - - Exploitation -OS: - - Linux -references: - - https://github.com/mpgn/CrackMapExec - - https://github.com/mpgn/CrackMapExec/wiki ---- diff --git a/_wadcoms/Crackmapexec-SMB-Password-Spray.md b/_wadcoms/Crackmapexec-SMB-Password-Spray.md deleted file mode 100644 index 2a22b4a..0000000 --- a/_wadcoms/Crackmapexec-SMB-Password-Spray.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -description: | - "CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks." - https://github.com/mpgn/CrackMapExec/wiki. This command will perform password spraying over SMB against the domain controller. - - Command Reference: - - Domain Controller IP: 10.10.10.1 - - Username List: users.txt - - Password: password123 - -command: | - crackmapexec smb 10.10.10.1 -u users.txt -p password123 -items: - - Username -services: - - SMB -attack_types: - - Exploitation -OS: - - Linux -references: - - https://github.com/mpgn/CrackMapExec - - https://github.com/mpgn/CrackMapExec/wiki ---- diff --git a/_wadcoms/NetExec-Enum-LDAP.md b/_wadcoms/NetExec-Enum-LDAP.md new file mode 100644 index 0000000..f969fb0 --- /dev/null +++ b/_wadcoms/NetExec-Enum-LDAP.md @@ -0,0 +1,27 @@ +--- +description: | + "NetExec (a.k.a nxc) is a network service exploitation tool that helps automate assessing the security of large networks." - https://www.netexec.wiki/. This command will enumerate domain groups, local groups, users, user descriptions, users trusted for delegation, users without a password, You can also use CIDR notation to target a range of ip addresses (i.e. 10.10.10.0/24). + + Command Reference: + + Target IP: 10.10.10.1 + + Username: john + + Password: password123 + +command: | + nxc ldap 10.10.10.1 -u 'john' -p 'password123' --trusted-for-delegation --password-not-required --admin-count --users --groups +items: + - Username + - Password +services: + - LDAP +attack_types: + - Enumeration +OS: + - Linux +references: + - https://github.com/Pennyw0rth/NetExec + - https://www.netexec.wiki/ +--- diff --git a/_wadcoms/NetExec-Enum-SMB-Anonymous.md b/_wadcoms/NetExec-Enum-SMB-Anonymous.md new file mode 100644 index 0000000..968af24 --- /dev/null +++ b/_wadcoms/NetExec-Enum-SMB-Anonymous.md @@ -0,0 +1,22 @@ +--- +description: | + "NetExec (a.k.a nxc) is a network service exploitation tool that helps automate assessing the security of large networks." - https://www.netexec.wiki/. This command will enumerate the SMB host using anonymous access. + + Command Reference: + + Target IP: 10.10.10.1 + +command: | + nxc smb 10.10.10.1 -u 'a' -p '' +items: + - No_Creds +services: + - SMB +attack_types: + - Enumeration +OS: + - Linux +references: + - https://github.com/Pennyw0rth/NetExec + - https://www.netexec.wiki/ +--- diff --git a/_wadcoms/NetExec-Enum-SMB-Null.md b/_wadcoms/NetExec-Enum-SMB-Null.md new file mode 100644 index 0000000..80626d3 --- /dev/null +++ b/_wadcoms/NetExec-Enum-SMB-Null.md @@ -0,0 +1,22 @@ +--- +description: | + "NetExec (a.k.a nxc) is a network service exploitation tool that helps automate assessing the security of large networks." - https://www.netexec.wiki/. This command will enumerate the SMB host using a null session. + + Command Reference: + + Target IP: 10.10.10.1 + +command: | + nxc smb 10.10.10.1 -u '' -p '' +items: + - No_Creds +services: + - SMB +attack_types: + - Enumeration +OS: + - Linux +references: + - https://github.com/Pennyw0rth/NetExec + - https://www.netexec.wiki/ +--- diff --git a/_wadcoms/NetExec-Enum-SMB-Relay-List.md b/_wadcoms/NetExec-Enum-SMB-Relay-List.md new file mode 100644 index 0000000..92d1a0f --- /dev/null +++ b/_wadcoms/NetExec-Enum-SMB-Relay-List.md @@ -0,0 +1,22 @@ +--- +description: | + "NetExec (a.k.a nxc) is a network service exploitation tool that helps automate assessing the security of large networks." - https://www.netexec.wiki/. The following command will enumerate a list of SMB hosts with signing not enforced, allowing you to relay credentials to them using ntlmrelayx.py. + + Command Reference: + + SMB Hosts: smb_hosts.txt + +command: | + nxc smb smb_host.txt --gen-relay-list output.txt +items: + - No_Creds +services: + - SMB +attack_types: + - Enumeration +OS: + - Linux +references: + - https://github.com/Pennyw0rth/NetExec + - https://www.netexec.wiki/ +--- diff --git a/_wadcoms/NetExec-Enum-SMB.md b/_wadcoms/NetExec-Enum-SMB.md new file mode 100644 index 0000000..04ff62e --- /dev/null +++ b/_wadcoms/NetExec-Enum-SMB.md @@ -0,0 +1,27 @@ +--- +description: | + "NetExec (a.k.a nxc) is a network service exploitation tool that helps automate assessing the security of large networks." - https://www.netexec.wiki/. This command will enumerate domain groups, local groups, logged on users, relative identifiers (RIDs), sessions, domain users, SMB shares/permissions, and get the domain password policy. You can also use CIDR notation to target a range of ip addresses (i.e. 10.10.10.0/24). + + Command Reference: + + Target IP: 10.10.10.1 + + Username: john + + Password: password123 + +command: | + nxc smb 10.10.10.1 -u 'john' -p 'password123' --groups --local-groups --loggedon-users --rid-brute --sessions --users --shares --pass-pol +items: + - Username + - Password +services: + - SMB +attack_types: + - Enumeration +OS: + - Linux +references: + - https://github.com/Pennyw0rth/NetExec + - https://www.netexec.wiki/ +--- diff --git a/_wadcoms/NetExec-Exec-SMB.md b/_wadcoms/NetExec-Exec-SMB.md new file mode 100644 index 0000000..e645b69 --- /dev/null +++ b/_wadcoms/NetExec-Exec-SMB.md @@ -0,0 +1,27 @@ +--- +description: | + "NetExec (a.k.a nxc) is a network service exploitation tool that helps automate assessing the security of large networks." - https://www.netexec.wiki/. This command will execute a powershell command on the target machine if the user has Administrator privileges. using "-x" will execute from cmd. + + Command Reference: + + Target IP: 10.10.10.1 + + Username: john + + Password: password123 + +command: | + nxc smb 10.10.10.1 -u 'john' -p 'password123' -X '$Host' +items: + - Username + - Password +services: + - SMB +attack_types: + - Exploitation +OS: + - Linux +references: + - https://github.com/Pennyw0rth/NetExec + - https://www.netexec.wiki/ +--- diff --git a/_wadcoms/NetExec-SMB-Password-Spray.md b/_wadcoms/NetExec-SMB-Password-Spray.md new file mode 100644 index 0000000..bc0dc97 --- /dev/null +++ b/_wadcoms/NetExec-SMB-Password-Spray.md @@ -0,0 +1,26 @@ +--- +description: | + "NetExec (a.k.a nxc) is a network service exploitation tool that helps automate assessing the security of large networks." - https://www.netexec.wiki/. This command will perform password spraying over SMB against the domain controller. + + Command Reference: + + Domain Controller IP: 10.10.10.1 + + Username List: users.txt + + Password: password123 + +command: | + nxc smb 10.10.10.1 -u users.txt -p password123 +items: + - Username +services: + - SMB +attack_types: + - Exploitation +OS: + - Linux +references: + - https://github.com/Pennyw0rth/NetExec + - https://www.netexec.wiki/ +---