Initial Access Tactics, techniques and procedures
Phishing
- https://0xboku.com/2021/07/12/ArtOfDeviceCodePhish.html
- https://medium.com/maltrak/com-objects-p-2-your-stealthy-fileless-attack-bf78318d9165
- https://infosecwriteups.com/recipe-for-a-successful-phishing-campaign-part-1-2-dc23d927ec55
- https://www.xanthus.io/mastering-the-simulated-phishing-attack
- https://github.com/Arno0x/EmbedInHTML
- https://github.com/L4bF0x/PhishingPretexts
- http://lockboxx.blogspot.com/2018/12/gophish-evilginx2-for-phishing.html
- https://book.hacktricks.xyz/phishing-methodology
- https://outflank.nl/blog/2020/03/30/mark-of-the-web-from-a-red-teams-perspective
- https://delta.navisec.io/a-pentesters-guide-part-4-grabbing-hashes-and-forging-external-footholds/
- https://www.rootshellsecurity.net/ntlm_theft-a-tool-for-file-based-forced-ntlm-hash-disclosure/
- https://getgophish.com/ (be sure to remove the identifying headers gophish adds)
- https://github.com/curtbraz/PhishAPI
- https://github.com/edoverflow/can-i-take-over-xyz
- https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-external-engagement-through-spear-phishing/
Password Attacks
Groups like Lapsus$ show the world that you don't need to be a great technical hacker to pwn massive corporations, and if common password and multi-factor authentication (MFA) attacks work on the likes of Uber, Rockstar Games, Okta and so on, then they will work on our hacktivist targets!
If your target uses multi-factor authentication you can try either social engineering or MFA fatigue.
Username creation based on recon/OSINT
- https://github.com/Mebus/cupp [Free]
- https://github.com/digininja/RSMangler [Free]
- https://github.com/sc0tfree/mentalist [Free]
- https://github.com/urbanadventurer/username-anarchy [Free]
Passwords
- https://github.com/danielmiessler/SecLists/tree/master/Passwords [Free]
- https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt [Free]
Password cracking tools
- https://www.kali.org/tools/ncrack/ [Free]
- https://www.kali.org/tools/wfuzz/ [Free]
- https://www.kali.org/tools/medusa/ [Free]
- https://www.kali.org/tools/patator/ [Free]
- https://www.kali.org/tools/hydra/ [Free]
- https://www.kali.org/tools/brutespray/ [Free]
Searching leaks
- https://github.com/khast3x/h8mail [Free, but includes paid-for services]
Services
Please note: DO NOT use intelx[.]io as they have been seen doxing hackers in the past and block the use of VPNs, proxies and Tor. AVOID!
- https://haveibeenpwned.com/ [Free]
- https://haveibeenpwned.com/Pastes [Free]
- https://github.com/vysecurity/LinkedInt
- https://leak-lookup.com/ [Paid. Accepts crypto (XMR & BTC)]
Buying Access
You can use the Genesis Market to purchase credentials stolen from targets through the use of info-stealer malware. Search your target here to see if you can make a quick win gaining access to an admin account. Any account that allows internal access is always a great start. Invites can be found on forums and markets.
Password spraying
- https://github.com/dafthack/MSOLSpray [Free]
- https://pentestlab.blog/2019/09/05/microsoft-exchange-password-spraying/ [Free]
- https://github.com/blacklanternsecurity/TREVORspray [Free]