2020-02-06 21:27:00 +01:00
# HackingScripts
This repository contains self-made and common scripts for information gathering, enumeration and more.
2023-10-05 10:21:13 +02:00
### What is this?
I use this repository mostly for automated exploit chains. HackTheBox machines often involve steps like spawning a http server, serving a file, extracting content, steal data through custom DNS/FTP/SSH servers, spawning a reverse shell etc. Using this library I implement a script-to-root mechanism to chain all these steps together. Since the repository also includes lots of common payloads and binaries, I didn't want to put it on PyPI. If you got any recommendations for me, feel free to contact me!
2023-09-13 21:16:52 +02:00
### Installation
```bash
2024-02-14 12:52:00 +01:00
PYTHON_DIR=$(python -c "import sys;print(sys.path[-1])")
# clone directly into python site-packages
git clone https://git.romanh.de/Roman/HackingScripts.git $PYTHON_DIR/hackingscripts
# or use a symlink
git clone https://git.romanh.de/Roman/HackingScripts.git
sudo ln -s $(pwd)/HackingScripts $PYTHON_DIR/hackingscripts
# Install requirements
pip3 install -r $PYTHON_DIR/hackingscripts/requirements.txt
2023-09-13 21:16:52 +02:00
```
2020-02-06 21:27:00 +01:00
### Enumeration: Initial Scans
2020-06-08 14:28:22 +02:00
- first_scan.sh: Performs initial nmap scan
2020-02-06 21:28:27 +01:00
- gobuster.sh: Performs gobuster dir scan with raft-large-words-lowercase.txt
2020-06-02 15:35:03 +02:00
- subdomainFuzz.sh: Fuzzes subdomains for a given domain
2023-12-11 09:30:13 +01:00
- [ssh-check-username.py ](https://www.exploit-db.com/exploits/45939 ): Check if user enumeration works for ssh
- [git-dumper.py ](https://github.com/arthaud/git-dumper )
2020-02-06 21:27:00 +01:00
2020-09-16 17:27:58 +02:00
### Enumeration: Privilege Escalation & Pivoting
2020-02-23 12:33:34 +01:00
- [LinEnum.sh ](https://github.com/rebootuser/LinEnum )
- [linpeas.sh ](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite )
2020-02-06 21:27:00 +01:00
- lse.sh
- unix-privesc-check.sh
2020-02-23 12:33:34 +01:00
- [uptux.py ](https://github.com/initstring/uptux )
- [pspy64 ](https://github.com/DominicBreuker/pspy )
2020-09-16 17:27:58 +02:00
- portscan.py: small python script, which scans open TCP ports natively with multithread support.
Can be deployed on victim machines to scan the intranet.
- pingscan.py: small python script, which can detect internal hosts via ping probes natively.
Can be deployed on victim machines to scan the intranet.
- [deepce.sh ](https://github.com/stealthcopter/deepce ): Docker Privilege Escalation (e.g. exposed socket)
2024-02-14 13:00:30 +01:00
- [socat ](https://github.com/3ndG4me/socat )
2020-02-06 21:27:00 +01:00
### Reverse Shell: Payloads
2023-12-11 09:30:13 +01:00
- rev_shell.py: Generates a reverse shell command (e.g. netcat, python, ...)
2020-02-23 12:33:34 +01:00
- [php-reverse-shell.php ](https://github.com/pentestmonkey/php-reverse-shell )
- [p0wny-shell.php ](https://github.com/flozz/p0wny-shell )
2021-10-05 21:55:08 +02:00
- [aspx-reverse-shell.aspx ](https://github.com/borjmz/aspx-reverse-shell )
- jsp-webshell.jsp: webshell for Java servlets
2020-02-06 21:27:00 +01:00
### Miscellaneous
- upload_file.py: Starts a local tcp server, for netcat usage
2020-06-02 15:35:03 +02:00
- xss_handler.py: Starts a local http server and generates xss payload to steal cookies
2020-04-09 16:06:08 +02:00
- [padBuster.pl ](https://github.com/AonCyberLabs/PadBuster )
2020-09-16 17:27:58 +02:00
- sql.php: Execute sql queries passed via GET/POST
- util.py: Collection of some small functions
2020-09-27 15:18:48 +02:00
- fileserver.py: Create a temporary http server serving in-memory files
2021-10-05 21:55:08 +02:00
- dnsserver.py: Create a temporary dns server responding dynamically to basic DNS requests (in-memory)
2023-12-11 09:30:13 +01:00
- sshserver.py: Create a temporary ssh server to intercept credentials (TODO: relay) (in-memory)
- smtpserver.py: Create a temporary smtp server (in-memory)
- template.py: Creates a template for web exploits, similar to pwnlib's template
- pcap_file_extract.py: Lists and extracts files from http connections found in pcap files
- find_git_commit.py: Compares a local repository (e.g. downloaded from a remote server) with another git repository to guess the commit hash. Useful to find used versions
- TODO: smb
2024-02-25 09:44:52 +01:00
- sqli.py: An sqlmap-like abstract class for automizing SQL-Injections (WIP)
2020-09-16 17:27:58 +02:00
2023-12-11 09:30:13 +01:00
### [Windows](win/)
2020-09-27 15:18:48 +02:00
- nc.exe/nc64.exe: netcat standalone binary
- [mimikatz.exe ](https://github.com/gentilkiwi/mimikatz )
- [plink.exe ](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html ): command line PuTTY client for port forwarding
- [powercat.ps1 ](https://github.com/besimorhino/powercat )
- [winPEAS.bat ](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite )
- PowerView.ps1
- [SharpHound.exe ](https://github.com/BloodHoundAD/SharpHound3 ): BloodHound Ingestor
- [windows-exploit-suggester.py ](https://github.com/AonCyberLabs/Windows-Exploit-Suggester )
- [aspx-reverse-shell.aspx ](https://github.com/borjmz/aspx-reverse-shell )
2024-02-14 13:32:32 +01:00
- [xp_cmdshell.py ](https://github.com/0xalwayslucky/pentesting-tools ) (thanks to [@alwayslucky ](https://github.com/0xalwayslucky ))
2024-02-14 13:00:30 +01:00
- [PetitPotam.py ](https://github.com/topotam/PetitPotam )
- [socat.exe ](https://github.com/3ndG4me/socat )
2024-02-14 13:32:32 +01:00
- TODO: add all Potatoes
2024-02-14 12:52:00 +01:00
### Example API-Usage
TODO: Add some example code or bash commands on how to use the custom libraries, e.g. fileserver, xss_handler, etc.
