Automated Host Recon, Persistence and Exfiltration

Bank Security
Jan 8 · 2 min read

Batch script to automate collection, credential dumping, discovery and exfiltration techniques

CONTEXT

During every red team engagement or penetration test we find ourselves performing manual reconnaissance before deciding how to move laterally or carry out more aggressive post-exploitation actions.

This article shows how to automate those initial reconnaissance actions without user interaction, presenting “actionable” results. Let’s see how …

AUTOMATED SCRIPT

Automatically collected information:

The script then automatically uploads all the collected data to Pastebin using this script (link), copies itself into the Startup folder as a persistence mechanism and opens a reverse shell to your C2 (link).

There are also a couple of extras that can be added at will: one takes a screenshot (different techniques here: link), another recovers the Outlook passwords (a couple of techniques here: link), and the last records audio from the victim’s PC through the default microphone on Windows 7 and 8 (link); for other versions this could work but is currently detected by several AVs: link

AUTO_RECON.bat script:

Putting all the techniques described above together, here is the result:

https://github.com/BankSecurity/Red_Team/blob/master/AUTO_RECON.bat

Auto Recon Script

Here is the video demonstration:

AUTO_RECON.bat

You can customize the script as you prefer and add techniques based on what you need.
On my GitHub you can find all the techniques and scripts used, along with more or less undetectable variants:

https://github.com/BankSecurity/Red_Team

At the time of writing, the script and the techniques contained within it bypass Windows Defender. As always, I recommend having a hunting team capable of detecting these normally “lawful” activities through custom alerts.
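To illustrate what such custom alerts look like for the three behaviours the script relies on (a script file dropped into the Startup folder, a script interpreter or command-line downloader uploading to Pastebin, and a script host opening a non-web connection to a public address), here is an added hunting example written for this page; it is not code from the article or from the Red_Team repository. It assumes Sysmon-style telemetry (Event ID 11 FileCreate with TargetFilename, Event ID 3 NetworkConnect with Image, DestinationHostname, DestinationIp and DestinationPort) and runs over a handful of constructed sample events; the rule names, the `Event` class and the `hunt()` function are the editor's own.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Path fragment shared by the per-user and all-users Startup folders.
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.IGNORECASE)
SCRIPT_EXT_RE = re.compile(r"\.(bat|cmd|vbs|js|ps1)$", re.IGNORECASE)
PASTE_HOSTS = {"pastebin.com", "www.pastebin.com"}
# Interpreters and LOLBins a batch script would typically use for its network steps.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "curl.exe", "certutil.exe"}
# Address ranges treated as internal; anything else counts as external for rule 3.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass
class Event:
    """Minimal subset of a Sysmon event (IDs 3 = NetworkConnect, 11 = FileCreate)."""
    event_id: int
    image: str                 # Image: full path of the acting process
    target_file: str = ""      # TargetFilename (ID 11)
    dest_host: str = ""        # DestinationHostname (ID 3)
    dest_ip: str = ""          # DestinationIp (ID 3)
    dest_port: int = 0         # DestinationPort (ID 3)


def _image_name(image: str) -> str:
    return image.rsplit("\\", 1)[-1].lower()


def _is_external(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def rule_startup_script_drop(ev: Event) -> bool:
    """A script file written into a Startup folder (the persistence step above)."""
    return (ev.event_id == 11
            and bool(STARTUP_RE.search(ev.target_file))
            and bool(SCRIPT_EXT_RE.search(ev.target_file)))


def rule_paste_site_from_script_host(ev: Event) -> bool:
    """A script host talking to a paste site (the exfiltration step above); browsers are ignored."""
    return (ev.event_id == 3
            and ev.dest_host.lower() in PASTE_HOSTS
            and _image_name(ev.image) in SCRIPT_HOSTS)


def rule_script_host_external_nonweb(ev: Event) -> bool:
    """A script host opening a non-web connection to an external address (reverse-shell pattern)."""
    return (ev.event_id == 3
            and _image_name(ev.image) in SCRIPT_HOSTS
            and ev.dest_port not in (80, 443)
            and _is_external(ev.dest_ip))


RULES: List[Tuple[str, Callable[[Event], bool]]] = [
    ("startup_script_drop", rule_startup_script_drop),
    ("paste_site_from_script_host", rule_paste_site_from_script_host),
    ("script_host_external_nonweb", rule_script_host_external_nonweb),
]


def hunt(events: List[Event]) -> List[Tuple[str, Event]]:
    """Return (rule_name, event) pairs for every event that trips a rule."""
    return [(name, ev) for ev in events for name, rule in RULES if rule(ev)]


# Constructed sample telemetry (documentation IP ranges, invented user and paths).
SAMPLE_EVENTS = [
    # benign: the shell places a shortcut in Startup -> no alert
    Event(11, r"C:\Windows\explorer.exe",
          target_file=r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote.lnk"),
    # suspicious: cmd.exe copies a batch file into Startup -> persistence alert
    Event(11, r"C:\Windows\System32\cmd.exe",
          target_file=r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AUTO_RECON.bat"),
    # benign: a browser visiting pastebin -> no alert
    Event(3, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
          dest_host="pastebin.com", dest_ip="203.0.113.10", dest_port=443),
    # suspicious: curl.exe posting to pastebin -> exfiltration alert
    Event(3, r"C:\Windows\System32\curl.exe",
          dest_host="pastebin.com", dest_ip="203.0.113.10", dest_port=443),
    # benign: PowerShell remoting to an internal host -> no alert
    Event(3, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          dest_ip="10.0.0.12", dest_port=5985),
    # suspicious: cmd.exe connecting to an external address on a high port -> reverse-shell alert
    Event(3, r"C:\Windows\System32\cmd.exe", dest_ip="198.51.100.7", dest_port=4444),
]

if __name__ == "__main__":
    for name, ev in hunt(SAMPLE_EVENTS):
        print(f"[{name}] {ev}")
```

Each rule deliberately ignores the look-alike benign event next to it (a shortcut in Startup, a browser on Pastebin, remoting to an internal host), which is the tuning a hunting team has to do before these “lawful” activities can be alerted on without drowning in noise; in production the same logic would be expressed as a SIEM query over the real Sysmon fields rather than over dataclasses.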

Enjoy Threat Hunting!

Follow me on Twitter:

and GitHub:
