forked from HackTricks-wiki/hacktricks
-
Notifications
You must be signed in to change notification settings - Fork 12
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #4 from mrg3ntl3m4n/traducao-ptbr
Update post-exploitation.md
- Loading branch information
Showing
1 changed file
with
9 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,17 +1,14 @@ | ||
| # Post Exploitation | ||
| # Pós Exploração | ||
|
|
||
| ### **Local l00t** | ||
|
|
||
| * \*\*\*\*[**PEASS-ng**](https://github.com/carlospolop/PEASS-ng): These scripts, apart for looking for PE vectors, will look for sensitive information inside the filesystem. | ||
| * \*\*\*\*[**LaZagne**](https://github.com/AlessandroZ/LaZagne): The **LaZagne project** is an open source application used to **retrieve lots of passwords** stored on a local computer. Each software stores its passwords using different techniques \(plaintext, APIs, custom algorithms, databases, etc.\). This tool has been developed for the purpose of finding these passwords for the most commonly-used software. | ||
|
|
||
| ### **External Services** | ||
|
|
||
| * \*\*\*\*[**Conf-Thief**](https://github.com/antman1p/Conf-Thief): This Module will connect to Confluence's API using an access token, export to PDF, and download the Confluence documents that the target has access to. | ||
| * \*\*\*\*[**GD-Thief**](https://github.com/antman1p/GD-Thief): Red Team tool for exfiltrating files from a target's Google Drive that you\(the attacker\) has access to, via the Google Drive API. This includes includes all shared files, all files from shared drives, and all files from domain drives that the target has access to. | ||
| * \*\*\*\*[**GDir-Thief**](https://github.com/antman1p/GDir-Thief): Red Team tool for exfiltrating the target organization's Google People Directory that you have access to, via Google's People API. | ||
| * \*\*\*\*[**SlackPirate**](https://github.com/emtunc/SlackPirate)**:** This is a tool developed in Python which uses the native Slack APIs to extract 'interesting' information from a Slack workspace given an access token. | ||
| * \*\*\*\*[**Slackhound**](https://github.com/BojackThePillager/Slackhound): Slackhound is a command line tool for red and blue teams to quickly perform reconnaissance of a Slack workspace/organization. Slackhound makes collection of an organization's users, files, messages, etc. quickly searchable and large objects are written to CSV for offline review. | ||
|
|
||
| * \*\*\*\*[**PEASS-ng**](https://github.com/carlospolop/PEASS-ng): Esses scripts, além de procurar por vetores de escalação de privilégios, irão procurar por informações sensíveis dentro do sistema de arquivos. | ||
| * \*\*\*\*[**LaZagne**](https://github.com/AlessandroZ/LaZagne): O **projeto LaZagne** é uma aplicação de código aberto usada para **recuperar muitas senhas** armazenadas em um computador local. Cada software armazena suas senhas usando diferentes técnicas \(texto simples, APIs, algoritmos personalizados, bancos de dados, etc.\). | ||
|
|
||
| ### **Serviços Externos** | ||
|
|
||
| * \*\*\*\*[**Conf-Thief**](https://github.com/antman1p/Conf-Thief): Esse módulo irá se conectar à API do Confluence usando um token de acesso, exportará para PDF e fará o download dos documentos do Confluence que o alvo tem acesso. | ||
| * \*\*\*\*[**GD-Thief**](https://github.com/antman1p/GD-Thief): Ferramenta de Red Team para exfiltrar arquivos do Google Drive de um alvo que você (o atacante) tem acesso através da API do Google Drive. Isso inclui todos os arquivos compartilhados, todos os arquivos de drives compartilhados e todos os arquivos de drives de domínio que o alvo tem acesso. | ||
| * \*\*\*\*[**GDir-Thief**](https://github.com/antman1p/GDir-Thief): Ferramenta de Red Team para exfiltrar o diretório de pessoas do Google da organização do alvo que você tem acesso, através da API de pessoas do Google. | ||
| * \*\*\*\*[**SlackPirate**](https://github.com/emtunc/SlackPirate)**:** Esta é uma ferramenta desenvolvida em Python que usa as APIs nativas do Slack para extrair informações 'interessantes' de um espaço de trabalho do Slack dado um token de acesso. | ||
| * \*\*\*\*[**Slackhound**](https://github.com/BojackThePillager/Slackhound): O Slackhound é uma ferramenta de linha de comando para times de red e blue realizarem de forma rápida o reconhecimento de um espaço de trabalho/organização do Slack. O Slackhound torna a coleta de usuários, arquivos, mensagens, etc. de uma organização rapidamente pesquisável e grandes objetos são gravados em CSV para revisão offline. |