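# NetExec end-to-end "checker": every PR against main spins up disposable
# targets on GitHub-hosted runners and runs netexec against them
# (SMB / WinRM / RDP on Windows, SSH on Linux).
#
# SECURITY: the Windows jobs deliberately weaken the runner. They create a local
# Administrator with a well-known password, set LocalAccountTokenFilterPolicy=1
# (turns off UAC remote restrictions so that account gets a full token over the
# network), enable WinRM and open RDP through the firewall. That is only
# acceptable because GitHub-hosted runners are ephemeral and destroyed after
# the job — never point `runs-on` at a persistent / self-hosted runner here.
name: NetExec Checker

on:
  pull_request:
    branches: [main]
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: nothing in this workflow writes back to the
# repository and no secrets are used (so fork PRs, which get a read-only token
# and no secrets, behave the same). Jobs — including the reusable lint
# workflow — inherit this ceiling, so lint.yml must not need more than read.
permissions:
  contents: read

jobs:
  lint:
    uses: ./.github/workflows/lint.yml

  nxc-smb:
    runs-on: windows-latest
    needs: [lint]
    # `%COMPUTERNAME%` in the steps below is cmd.exe syntax. The default `run`
    # shell on Windows runners is pwsh, which does not expand `%VAR%`, so the
    # target would be handed to netexec as the literal string. Pin the shell so
    # the expansion is deterministic. (The runner invokes cmd with /V:OFF, so
    # the `!` characters in the password are not subject to delayed expansion.)
    defaults:
      run:
        shell: cmd
    # technique stolen from @Hackndo my best friend for life <3
    steps:
      # Throw-away local admin used as the "compromised" account. The password
      # is intentionally public; the account exists only on this job's runner.
      - name: Create new user
        run: |
          net user nxc Pwn3d!!! /add
      - name: Add to local admin
        run: |
          net localgroup Administrators nxc /add
      # Without this key a non-built-in local admin authenticating over the
      # network receives a filtered (non-elevated) token and the remote
      # SAM/LSA/DPAPI dumps below fail.
      - name: Update registry key (LocalAccountTokenFilterPolicy)
        run: |
          REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
      # TODO(supply-chain): pin third-party actions to a full commit SHA
      # (`actions/checkout@<sha> # v4`) instead of a mutable major tag.
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Python
        id: python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      # Use the interpreter setup-python just installed. The previous
      # `${{ matrix.python-version }}` is undefined in this job (there is no
      # `strategy.matrix`) and silently expanded to an empty string.
      - name: Install poetry
        run: |
          pipx install poetry --python "${{ steps.python.outputs.python-path }}"
          poetry --version
          poetry env info
      # NOTE: a bare `poetry install` also installs the dev group; this step
      # used to be labelled "without dev group", which it never was. Add
      # `--without dev` here if excluding it is really the intent.
      - name: Install dependencies
        run: |
          poetry install
      # NOTE(review): netexec's exit status does not appear to reflect whether
      # the authentication / dump actually succeeded (not verifiable from this
      # file), so the steps below only prove the commands run to completion.
      # Grep the output for "Pwn3d!" / "[+]" if a real pass/fail signal is
      # wanted. Under cmd a multi-line `run` block only propagates the LAST
      # command's exit code, so an early failing line is masked.
      - name: Dumping sam
        run: |
          poetry run netexec smb %COMPUTERNAME% -u nxc -p Pwn3d!!! --sam
      - name: Dumping lsa
        run: |
          poetry run netexec smb %COMPUTERNAME% -u nxc -p Pwn3d!!! --lsa
      - name: Dumping dpapi
        run: |
          poetry run netexec smb %COMPUTERNAME% -u nxc -p Pwn3d!!! --dpapi
      - name: Dumping with lsassy
        run: |
          poetry run netexec smb %COMPUTERNAME% -u nxc -p Pwn3d!!! -M lsassy
      # One step per lateral-movement primitive; each line is independent, so
      # see the note above about only the last exit code being reported.
      - name: Exec command
        run: |
          poetry run netexec smb %COMPUTERNAME% -u nxc -p Pwn3d!!! -x whoami --exec-method=smbexec
          poetry run netexec smb %COMPUTERNAME% -u nxc -p Pwn3d!!! -x whoami --exec-method=wmiexec
          poetry run netexec smb %COMPUTERNAME% -u nxc -p Pwn3d!!! -x whoami --exec-method=atexec
          poetry run netexec smb %COMPUTERNAME% -u nxc -p Pwn3d!!! -x whoami --exec-method=mmcexec
      # The same host is listed three times — presumably to exercise
      # multi-target handling; confirm that is intentional rather than a
      # leftover from local testing.
      - name: Dumping with procdump
        run: |
          poetry run netexec --verbose smb %COMPUTERNAME% %COMPUTERNAME% %COMPUTERNAME% -u nxc -p Pwn3d!!! -M procdump

  nxc-winrm:
    runs-on: windows-latest
    needs: [lint]
    # No `%VAR%` expansion is needed here, so the runner's default pwsh shell
    # is fine.
    # technique stolen from @Hackndo my best friend for life <3
    steps:
      # Throw-away local admin; see nxc-smb for why this is acceptable only on
      # an ephemeral hosted runner.
      - name: Create new user
        run: |
          net user nxc Pwn3d!!! /add
      - name: Add to local admin
        run: |
          net localgroup Administrators nxc /add
      # Full (unfiltered) token for the local admin over the network; required
      # for the remote SAM/LSA dumps.
      - name: Update registry key (LocalAccountTokenFilterPolicy)
        run: |
          REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
      # quickconfig starts the WinRM service, creates an HTTP listener and adds
      # the matching firewall exception. Only loopback (127.0.0.1) is exercised.
      - name: Enable WinRM
        run: |
          winrm quickconfig -quiet
      # TODO(supply-chain): pin to a full commit SHA rather than a major tag.
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Python
        id: python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      # `matrix.python-version` was undefined in this job; use the interpreter
      # setup-python reports instead.
      - name: Install poetry
        run: |
          pipx install poetry --python "${{ steps.python.outputs.python-path }}"
          poetry --version
          poetry env info
      # NOTE: installs the dev group as well (no `--without dev`).
      - name: Install dependencies
        run: |
          poetry install
      # NOTE(review): as in nxc-smb, a zero exit code from netexec does not by
      # itself prove the dump succeeded; grep the output if that matters.
      - name: Dumping sam
        run: |
          poetry run netexec winrm 127.0.0.1 -u nxc -p Pwn3d!!! --sam
      - name: Dumping lsa
        run: |
          poetry run netexec winrm 127.0.0.1 -u nxc -p Pwn3d!!! --lsa
      - name: Exec command
        run: |
          poetry run netexec winrm 127.0.0.1 -u nxc -p Pwn3d!!! -x whoami

  nxc-rdp:
    runs-on: windows-latest
    needs: [lint]
    # technique stolen from @Hackndo my best friend for life <3
    steps:
      # Throw-away local admin; acceptable only because the runner is ephemeral.
      - name: Create new user
        run: |
          net user nxc Pwn3d!!! /add
      - name: Add to local admin
        run: |
          net localgroup Administrators nxc /add
      - name: Update registry key (LocalAccountTokenFilterPolicy)
        run: |
          REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
      # fDenyTSConnections=0 turns Remote Desktop on for the machine.
      - name: Update registry key (enable RDP)
        run: |
          reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
      # Inbound 3389 is opened for the whole host, not just loopback — another
      # reason this job must never run on a persistent runner.
      - name: Open Firewall
        run: |
          netsh advfirewall firewall add rule name="Open Remote Desktop" protocol=TCP dir=in localport=3389 action=allow
      # TODO(supply-chain): pin to a full commit SHA rather than a major tag.
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Python
        id: python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      # Same interpreter-selection approach as the other jobs (this job used to
      # hard-code `python3.11` while the others referenced an undefined matrix).
      - name: Install poetry
        run: |
          pipx install poetry --python "${{ steps.python.outputs.python-path }}"
          poetry --version
          poetry env info
      # NOTE: installs the dev group as well (no `--without dev`).
      - name: Install dependencies
        run: |
          poetry install
      # Unauthenticated probe first, then a credentialed check.
      - name: Checking rdp
        run: |
          poetry run netexec rdp 127.0.0.1
      - name: Checking auth
        run: |
          poetry run netexec rdp 127.0.0.1 -u nxc -p Pwn3d!!!

  nxc-ssh:
    runs-on: ubuntu-latest
    needs: [lint]
    # technique stolen from @Hackndo my best friend for life <3
    steps:
      # The default Linux shell is `bash -e`, so any failing line (including a
      # non-active service from `systemctl status`) fails the step. `-y` and
      # DEBIAN_FRONTEND are required: apt prompting in CI would otherwise abort.
      - name: Enable ssh
        run: |
          sudo apt-get update
          sudo DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server
          sudo systemctl start ssh
          sudo systemctl status ssh --no-pager
      # TODO(supply-chain): pin to a full commit SHA rather than a major tag.
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Python
        id: python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      # `matrix.python-version` was undefined in this job; use the interpreter
      # setup-python reports instead.
      - name: Install poetry
        run: |
          pipx install poetry --python "${{ steps.python.outputs.python-path }}"
          poetry --version
          poetry env info
      # NOTE: installs the dev group as well (no `--without dev`).
      - name: Install dependencies
        run: |
          poetry install
      # No credentials are passed, so this only checks that netexec can reach
      # sshd on loopback (the step was previously mislabelled "with user").
      - name: Connection check (unauthenticated)
        run: |
          poetry run netexec ssh 127.0.0.1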