9.10. 操作系统持久化

9.10.1. Windows

9.10.1.1. 凭证获取

• mimikatz

• RdpThief Extracting Clear Text Passwords from mstsc.exe using API Hooking

• quarkspwdump Dump various types of Windows credentials without injecting in any process

• SharpDump C# port of PowerSploit’s Out-Minidump.ps1 functionality

9.10.1.2. 权限提升

• WindowsExploits

• GTFOBins Curated list of Unix binaries that can be exploited to bypass system security restrictions

• JAWS Just Another Windows (Enum) Script

9.10.1.3. UAC Bypass

• WinPwnage UAC bypass, Elevate, Persistence and Execution methods

• UACME Defeating Windows User Account Control

• UAC Bypass In The Wild

9.10.1.4. 免杀

• SigThief Stealing Signatures and Making One Invalid Signature at a Time

9.10.1.5. C2

• SharpSploit .NET post-exploitation library written in C#

• Koadic is a Windows post-exploitation rootkit

9.10.1.6. 隐藏

• ProcessHider Post-exploitation tool for hiding processes from monitoring applications

• Invoke Phant0m Windows Event Log Killer

• EventCleaner A tool mainly to erase specified records from Windows event logs, with additional functionalities

9.10.1.7. 伪造

• parent PID spoofing Scripts for performing and detecting parent PID spoofing

• GetSystem This is a C# implementation of making a process/executable run as NT AUTHORITY/SYSTEM. This is achieved through parent ID spoofing of almost any SYSTEM process.

9.10.1.8. 综合工具

• Nishang Offensive PowerShell for red team, penetration testing and offensive security

9.10.2. Linux

9.10.2.1. 权限提升

• linux exploit suggester

• LinEnum Scripted Local Linux Enumeration & Privilege Escalation Checks

• AutoLocalPrivilegeEscalation

9.10.2.2. rootkit

• rootkit

9.10.2.3. 后门

• prism is an user space stealth reverse shell backdoor

• icmpsh Simple reverse ICMP shell

9.10.3. 综合

9.10.3.1. 凭证获取

• sshLooterC program to steal passwords from ssh

• keychaindump A proof-of-concept tool for reading OS X keychain passwords

• LaZagne Credentials recovery project

9.10.3.2. 权限提升

• BeRoot Privilege Escalation Project - Windows / Linux / Mac

9.10.3.3. RAT

• QuasarRAT

9.10.3.4. C2

• Empire

• pupy

• Covenant is a collaborative .NET C2 framework for red teamers

9.10.3.5. DNS Shell

• DNS Shell DNS-Shell is an interactive Shell over DNS channel

• Reverse DNS Shell A python reverse shell that uses DNS as the c2 channel

9.10.3.6. Cobalt Strike

• Cobalt Strike

• CrossC2 generate CobaltStrike’s cross-platform payload

• Cobalt Strike Aggressor Scripts

9.10.3.7. 日志清除

• Log killer Clear all logs in [linux/windows] servers

9.10.3.8. Botnet

• byob Build Your Own Botnet

9.10.3.9. 免杀工具

• AV Evasion Tool 掩日 - 免杀执行器生成工具

• DKMC Dont kill my cat - Malicious payload evasion tool