VBA Macros:

https://gist.github.com/mgeeky/9dee0ac86c65cdd9cb5a2f64cef51991

Template Injection:

HTML Smuggling:

Nishang Out-Word script:

Microsoft HTA Files:

Nishang Reverse TCP Payload:

https://raw.githubusercontent.com/samratashok/nishang/master/Shells/Invoke-PowerShellTcp.ps1

Powershell Reverse TCP:

https://gist.githubusercontent.com/staaldraad/204928a6004e89553a8d3db0ce527fd5/raw/fe5f74ecfae7ec0f2d50895ecf9ab9dafe253ad4/mini-reverse.ps1
https://github.com/antonioCoco/ConPtyShell/blob/master/Invoke-ConPtyShell.ps1

Additional Resources:

https://github.com/mdsecactivebreach/SharpShooter
https://www.hackingarticles.in/powershell-for-pentester-windows-reverse-shell/

Writable by normal users directories:

C:\Windows\Tasks
C:\Windows\Temp
C:\windows\tracing
C:\Windows\Registration\CRMLog
C:\Windows\System32\FxsTmp
C:\Windows\System32\com\dmp
C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys
C:\Windows\System32\spool\PRINTERS
C:\Windows\System32\spool\SERVERS
C:\Windows\System32\spool\drivers\color
C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter
C:\Windows\System32\Tasks_Migrated (after peforming a version upgrade of Windows 10)
C:\Windows\SysWOW64\FxsTmp
C:\Windows\SysWOW64\com\dmp
C:\Windows\SysWOW64\Tasks\Microsoft\Windows\SyncCenter
C:\Windows\SysWOW64\Tasks\Microsoft\Windows\PLA\System

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Initial Compromise.md

Initial Compromise.md

VBA Macros:

Template Injection:

HTML Smuggling:

Nishang Out-Word script:

Microsoft HTA Files:

Nishang Reverse TCP Payload:

Powershell Reverse TCP:

Additional Resources:

Writable by normal users directories:

Files

Initial Compromise.md

Latest commit

History

Initial Compromise.md

File metadata and controls

VBA Macros:

Template Injection:

HTML Smuggling:

Nishang Out-Word script:

Microsoft HTA Files:

Nishang Reverse TCP Payload:

Powershell Reverse TCP:

Additional Resources:

Writable by normal users directories: