diff --git a/JSON Web Token/README.md b/JSON Web Token/README.md index b4ee1c7..858589f 100644 --- a/JSON Web Token/README.md +++ b/JSON Web Token/README.md @@ -4,7 +4,6 @@ ## Summary -- [Summary](#summary) - [Tools](#tools) - [JWT Format](#jwt-format) - [Header](#header) @@ -29,10 +28,11 @@ ## Tools -- [ticarpi/jwt_tool](https://github.com/ticarpi/jwt_tool) -- [brendan-rius/c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker) -- [JOSEPH - JavaScript Object Signing and Encryption Pentesting Helper](https://portswigger.net/bappstore/82d6c60490b540369d6d5d01822bdf61) -- [jwt.io - Encoder – Decoder](https://jwt.io/) +- [ticarpi/jwt_tool](https://github.com/ticarpi/jwt_tool) - 🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens +- [brendan-rius/c-jwt-cracker](https://github.com/brendan-rius/c-jwt-cracker) - JWT brute force cracker written in C +- [PortSwigger/JOSEPH](https://portswigger.net/bappstore/82d6c60490b540369d6d5d01822bdf61) - JavaScript Object Signing and Encryption Pentesting Helper +- [jwt.io](https://jwt.io/) - Encoder/Decoder + ## JWT Format @@ -48,6 +48,7 @@ eyJzdWIiOiIxMjM0[...]kbWluIjp0cnVlfQ # payload UL9Pz5HbaMdZCV9cS9OcpccjrlkcmLovL2A2aiKiAOY # signature ``` + ### Header Registered header parameter names defined in [JSON Web Signature (JWS) RFC](https://www.rfc-editor.org/rfc/rfc7515). 
@@ -502,29 +503,29 @@ You should create your own key pair for this attack and host it. It should look ## Labs -* [JWT authentication bypass via unverified signature](https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-unverified-signature) -* [JWT authentication bypass via flawed signature verification](https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-flawed-signature-verification) -* [JWT authentication bypass via weak signing key](https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-weak-signing-key) -* [JWT authentication bypass via jwk header injection](https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-jwk-header-injection) -* [JWT authentication bypass via jku header injection](https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-jku-header-injection) -* [JWT authentication bypass via kid header path traversal](https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-kid-header-path-traversal) +* [PortSwigger - JWT authentication bypass via unverified signature](https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-unverified-signature) +* [PortSwigger - JWT authentication bypass via flawed signature verification](https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-flawed-signature-verification) +* [PortSwigger - JWT authentication bypass via weak signing key](https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-weak-signing-key) +* [PortSwigger - JWT authentication bypass via jwk header injection](https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-jwk-header-injection) +* [PortSwigger - JWT authentication bypass via jku header injection](https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-jku-header-injection) +* [PortSwigger - JWT authentication bypass via kid header path 
traversal](https://portswigger.net/web-security/jwt/lab-jwt-authentication-bypass-via-kid-header-path-traversal) ## References -- [5 Easy Steps to Understanding JSON Web Token](https://medium.com/cyberverse/five-easy-steps-to-understand-json-web-tokens-jwt-7665d2ddf4d5) -- [Attacking JWT authentication - Sep 28, 2016 - Sjoerd Langkemper](https://www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/) -- [Club EH RM 05 - Intro to JSON Web Token Exploitation - Nishacid](https://www.youtube.com/watch?v=d7wmUz57Nlg) -- [Critical vulnerabilities in JSON Web Token libraries - March 31, 2015 - Tim McLean](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries//) -- [Hacking JSON Web Token (JWT) - Hate_401](https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6) -- [Hacking JSON Web Tokens - From Zero To Hero Without Effort - Websecurify Blog](https://web.archive.org/web/20220305042224/https://blog.websecurify.com/2017/02/hacking-json-web-tokens.html) -- [Hacking JSON Web Tokens - medium.com Oct 2019](https://medium.com/swlh/hacking-json-web-tokens-jwts-9122efe91e4a) -- [HITBGSEC CTF 2017 - Pasty (Web) - amon (j.heng)](https://nandynarwhals.org/hitbgsec2017-pasty/) -- [How to Hack a Weak JWT Implementation with a Timing Attack - Jan 7, 2017 - Tamas Polgar](https://hackernoon.com/can-timing-attack-be-a-practical-security-threat-on-jwt-signature-ba3c8340dea9) -- [JSON Web Token Validation Bypass in Auth0 Authentication API - Ben Knight Senior Security Consultant - April 16, 2020](https://insomniasec.com/blog/auth0-jwt-validation-bypass) -- [JSON Web Token Vulnerabilities - 0xn3va](https://0xn3va.gitbook.io/cheat-sheets/web-application/json-web-token-vulnerabilities) -- [JWT Hacking 101 - TrustFoundry - Tyler Rosonke - December 8th, 2017](https://trustfoundry.net/jwt-hacking-101/) -- [Learn how to use JSON Web Tokens (JWT) for Authentication - @dwylhq](https://github.com/dwyl/learn-json-web-tokens) -- [Privilege Escalation like 
a Boss - October 27, 2018 - janijay007](https://blog.securitybreached.org/2018/10/27/privilege-escalation-like-a-boss/) -- [Simple JWT hacking - @b1ack_h00d](https://medium.com/@blackhood/simple-jwt-hacking-73870a976750) -- [WebSec CTF - Authorization Token - JWT Challenge](https://ctf.rip/websec-ctf-authorization-token-jwt-challenge/) -- [Write up – JRR Token – LeHack 2019 - 07/07/2019 - LAPHAZE](https://web.archive.org/web/20210512205928/https://rootinthemiddle.org/write-up-jrr-token-lehack-2019/) \ No newline at end of file +- [5 Easy Steps to Understanding JSON Web Token - Shaurya Sharma - December 21, 2019](https://medium.com/cyberverse/five-easy-steps-to-understand-json-web-tokens-jwt-7665d2ddf4d5) +- [Attacking JWT authentication - Sjoerd Langkemper - September 28, 2016](https://www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/) +- [Club EH RM 05 - Intro to JSON Web Token Exploitation - Nishacid - February 23, 2023](https://www.youtube.com/watch?v=d7wmUz57Nlg) +- [Critical vulnerabilities in JSON Web Token libraries - Tim McLean - March 31, 2015](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries//) +- [Hacking JSON Web Token (JWT) - pwnzzzz - May 3, 2018](https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6) +- [Hacking JSON Web Tokens - From Zero To Hero Without Effort - Websecurify - February 9, 2017](https://web.archive.org/web/20220305042224/https://blog.websecurify.com/2017/02/hacking-json-web-tokens.html) +- [Hacking JSON Web Tokens - Vickie Li - October 27, 2019](https://medium.com/swlh/hacking-json-web-tokens-jwts-9122efe91e4a) +- [HITBGSEC CTF 2017 - Pasty (Web) - amon (j.heng) - August 27, 2017](https://nandynarwhals.org/hitbgsec2017-pasty/) +- [How to Hack a Weak JWT Implementation with a Timing Attack - Tamas Polgar - January 7, 2017](https://hackernoon.com/can-timing-attack-be-a-practical-security-threat-on-jwt-signature-ba3c8340dea9) +- [JSON Web Token Validation Bypass in Auth0 
Authentication API - Ben Knight - April 16, 2020](https://insomniasec.com/blog/auth0-jwt-validation-bypass) +- [JSON Web Token Vulnerabilities - 0xn3va - March 27, 2022](https://0xn3va.gitbook.io/cheat-sheets/web-application/json-web-token-vulnerabilities) +- [JWT Hacking 101 - TrustFoundry - Tyler Rosonke - December 8, 2017](https://trustfoundry.net/jwt-hacking-101/) +- [Learn how to use JSON Web Tokens (JWT) for Authentication - @dwylhq - May 3, 2022](https://github.com/dwyl/learn-json-web-tokens) +- [Privilege Escalation like a Boss - janijay007 - October 27, 2018](https://blog.securitybreached.org/2018/10/27/privilege-escalation-like-a-boss/) +- [Simple JWT hacking - Hari Prasanth (@b1ack_h00d) - March 7, 2019](https://medium.com/@blackhood/simple-jwt-hacking-73870a976750) +- [WebSec CTF - Authorization Token - JWT Challenge - Kris Hunt - August 7, 2016](https://ctf.rip/websec-ctf-authorization-token-jwt-challenge/) +- [Write up – JRR Token – LeHack 2019 - Laphaze - July 7, 2019](https://web.archive.org/web/20210512205928/https://rootinthemiddle.org/write-up-jrr-token-lehack-2019/) \ No newline at end of file diff --git a/Java RMI/README.md b/Java RMI/README.md index ea042de..41babea 100644 --- a/Java RMI/README.md +++ b/Java RMI/README.md 
@@ -136,6 +136,6 @@ run ## References -* [ATTACKING RMI BASED JMX SERVICES - HANS-MARTIN MÜNCH, 28 April 2019](https://mogwailabs.de/en/blog/2019/04/attacking-rmi-based-jmx-services/) -* [JMX RMI – MULTIPLE APPLICATIONS RCE - Red Timmy Security, 26 March 2019](https://www.exploit-db.com/docs/english/46607-jmx-rmi-–-multiple-applications-remote-code-execution.pdf) -* [remote-method-guesser - BHUSA 2021 Arsenal - Tobias Neitzel, 15 August 2021](https://www.slideshare.net/TobiasNeitzel/remotemethodguesser-bhusa2021-arsenal) +- [Attacking RMI based JMX services - Hans-Martin Münch - April 28, 2019](https://mogwailabs.de/en/blog/2019/04/attacking-rmi-based-jmx-services/) +- [JMX RMI - MULTIPLE APPLICATIONS RCE - Red Timmy Security - March 26, 2019](https://www.exploit-db.com/docs/english/46607-jmx-rmi-–-multiple-applications-remote-code-execution.pdf) +- [remote-method-guesser - BHUSA 2021 Arsenal - Tobias Neitzel - August 15, 2021](https://www.slideshare.net/TobiasNeitzel/remotemethodguesser-bhusa2021-arsenal) \ No newline at end of file diff --git a/LDAP Injection/README.md b/LDAP Injection/README.md index ca2fdd8..69b6a95 100644 --- a/LDAP Injection/README.md +++ b/LDAP Injection/README.md @@ -133,8 +133,6 @@ for i in world: print(fields) ``` -Ref. [5][5] - ### Special blind LDAP injection (without "*") ```python @@ -154,7 +152,6 @@ for i in range(50): break ``` -Ref. [5][5] ```ruby #!/usr/bin/env ruby 
@@ -182,16 +179,10 @@ By [noraj](https://github.com/noraj) ## References -* [OWASP LDAP Injection](https://www.owasp.org/index.php/LDAP_injection) -* [LDAP Blind Explorer](http://code.google.com/p/ldap-blind-explorer/) -* [ECW 2018 : Write Up - AdmYSsion (WEB - 50) - 0xUKN](https://0xukn.fr/posts/writeupecw2018admyssion/) -* [Quals ECW 2018 - Maki](https://maki.bzh/courses/blog/writeups/qualecw2018/) -* [How To Manage and Use LDAP Servers with OpenLDAP Utilities](https://www.digitalocean.com/community/tutorials/how-to-manage-and-use-ldap-servers-with-openldap-utilities) -* [How To Configure OpenLDAP and Perform Administrative LDAP Tasks](https://www.digitalocean.com/community/tutorials/how-to-configure-openldap-and-perform-administrative-ldap-tasks) -* SSH key authentication via LDAP - - [How to setup LDAP server for openssh-lpk](https://openssh-ldap-pubkey.readthedocs.io/en/latest/openldap.html) - - [openssh-lpk.ldif](https://github.com/Lullabot/openldap-schema/blob/master/openssh-lpk.ldif) - - [Setting up OpenLDAP server with OpenSSH-LPK on Ubuntu 14.04](https://blog.shichao.io/2015/04/17/setup_openldap_server_with_openssh_lpk_on_ubuntu.html) - - [SSH key authentication using LDAP](https://serverfault.com/questions/653792/ssh-key-authentication-using-ldap) - - [FR] [SSH et LDAP](https://wiki.lereset.org/ateliers:serveurmail:ldap-ssh) - - [SSH Public Keys in OpenLDAP](http://pig.made-it.com/ldap-openssh.html) \ No newline at end of file +- [[European Cyber Week] - AdmYSion - Alan Marrec (Maki)](https://www.maki.bzh/writeups/ecw2018admyssion/) +- [ECW 2018 : Write Up - AdmYSsion (WEB - 50) - 0xUKN - October 31, 2018](https://0xukn.fr/posts/writeupecw2018admyssion/) +- [How To Configure OpenLDAP and Perform Administrative LDAP Tasks - Justin Ellingwood - May 30, 2015](https://www.digitalocean.com/community/tutorials/how-to-configure-openldap-and-perform-administrative-ldap-tasks) +- [How To Manage and Use LDAP Servers with OpenLDAP Utilities - Justin Ellingwood - 
May 29, 2015](https://www.digitalocean.com/community/tutorials/how-to-manage-and-use-ldap-servers-with-openldap-utilities) +- [LDAP Blind Explorer - Alonso Parada - August 12, 2011](http://code.google.com/p/ldap-blind-explorer/) +- [LDAP Injection & Blind LDAP Injection - Chema Alonso, José Parada Gimeno - October 10, 2008](https://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdf) +- [LDAP Injection Prevention Cheat Sheet - OWASP - July 16, 2019](https://www.owasp.org/index.php/LDAP_injection) \ No newline at end of file diff --git a/LaTeX Injection/README.md b/LaTeX Injection/README.md index e4cdccf..2e756d2 100644 --- a/LaTeX Injection/README.md +++ b/LaTeX Injection/README.md @@ -1,8 +1,17 @@ # LaTex Injection -You might need to adjust injection with wrappers as `\[` or `$`. +## Summary -## Read file +* [Read File](#read-file) +* [Write File](#write-file) +* [Command Execution](#command-execution) +* [Cross Site Scripting](#cross-site-scripting) +* [References](#references) + + +## Read File + +You might need to adjust injection with wrappers as `\[` or `$`. Read file and interpret the LaTeX code in it: @@ -61,7 +70,7 @@ To bypass a blacklist try to replace one character with it's unicode hex value. \lstin^^70utlisting{/etc/passwd} ``` -## Write file +## Write File Write single lined file: @@ -74,7 +83,7 @@ Write single lined file: \closeout\outfile ``` -## Command execution +## Command Execution The output of the command will be redirected to stdout, therefore you need to use a temp file to get it. 
@@ -113,6 +122,6 @@ in [mathjax](https://docs.mathjax.org/en/latest/input/tex/extensions/unicode.htm ## References -* [Hacking with LaTeX - Sebastian Neef - 0day.work](https://0day.work/hacking-with-latex/) -* [Latex to RCE, Private Bug Bounty Program - Yasho](https://medium.com/bugbountywriteup/latex-to-rce-private-bug-bounty-program-6a0b5b33d26a) -* [Pwning coworkers thanks to LaTeX](http://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/) +- [Hacking with LaTeX - Sebastian Neef - March 10, 2016](https://0day.work/hacking-with-latex/) +- [Latex to RCE, Private Bug Bounty Program - Yasho - July 6, 2018](https://medium.com/bugbountywriteup/latex-to-rce-private-bug-bounty-program-6a0b5b33d26a) +- [Pwning coworkers thanks to LaTeX - scumjr - November 28, 2016](http://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/) \ No newline at end of file diff --git a/Mass Assignment/README.md b/Mass Assignment/README.md index 58621b0..831ec24 100644 --- a/Mass Assignment/README.md +++ b/Mass Assignment/README.md 
@@ -37,6 +37,6 @@ If the web application is not checking which parameters are allowed to be update ## References -* [Hunting for Mass Assignment - Shivam Bathla - Aug 12, 2021](https://blog.pentesteracademy.com/hunting-for-mass-assignment-56ed73095eda) -* [Mass Assignment Cheat Sheet - OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html) -* [What is Mass Assignment? Attacks and Security Tips - Yoan MONTOYA - JUNE 15, 2023](https://www.vaadata.com/blog/what-is-mass-assignment-attacks-and-security-tips/) \ No newline at end of file +- [Hunting for Mass Assignment - Shivam Bathla - August 12, 2021](https://blog.pentesteracademy.com/hunting-for-mass-assignment-56ed73095eda) +- [Mass Assignment Cheat Sheet - OWASP - March 15, 2021](https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html) +- [What is Mass Assignment? Attacks and Security Tips - Yoan MONTOYA - June 15, 2023](https://www.vaadata.com/blog/what-is-mass-assignment-attacks-and-security-tips/) \ No newline at end of file diff --git a/Methodology and Resources/Bind Shell Cheatsheet.md b/Methodology and Resources/Bind Shell Cheatsheet.md index 83912c7..3fd7643 100644 --- a/Methodology and Resources/Bind Shell Cheatsheet.md +++ b/Methodology and Resources/Bind Shell Cheatsheet.md 
@@ -2,12 +2,12 @@ :warning: Content of this page has been moved to [InternalAllTheThings/cheatsheets/shell-bind](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/) -* [Perl](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#perl) -* [Python](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#python) -* [PHP](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#php) -* [Ruby](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#ruby) -* [Netcat Traditional](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#netcat-traditional) -* [Netcat OpenBsd](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#netcat-openbsd) -* [Ncat](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#ncat) -* [Socat](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#socat) -* [Powershell](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#powershell) \ No newline at end of file +- [Perl](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#perl) +- [Python](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#python) +- [PHP](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#php) +- [Ruby](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#ruby) +- [Netcat Traditional](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#netcat-traditional) +- [Netcat OpenBsd](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#netcat-openbsd) +- [Ncat](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#ncat) +- 
[Socat](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#socat) +- [Powershell](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-bind-cheatsheet/#powershell) \ No newline at end of file diff --git a/Methodology and Resources/Cloud - AWS Pentest.md b/Methodology and Resources/Cloud - AWS Pentest.md index 1dd9075..156cf8c 100644 --- a/Methodology and Resources/Cloud - AWS Pentest.md +++ b/Methodology and Resources/Cloud - AWS Pentest.md 
@@ -2,16 +2,16 @@ :warning: Content of this page has been moved to [InternalAllTheThings/cloud/aws](https://github.com/swisskyrepo/InternalAllTheThings/) -* [Cloud - AWS](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/AWS%20Pentest/) -* [AWS - Access Token & Secrets](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-access-token/) -* [AWS - Service - Cognito](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-cognito/) -* [AWS - Service - DynamoDB](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-dynamodb/) -* [AWS - Service - EC2](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-ec2/) -* [AWS - Enumerate](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-enumeration/) -* [AWS - Identity & Access Management](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-iam/) -* [AWS - IOC & Detections](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-ioc-detection/) -* [AWS - Service - Lambda](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-lambda/) -* [AWS - Metadata SSRF](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-metadata/) -* [AWS - Service - S3 Buckets](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-s3-bucket/) -* [AWS - Service - SSM](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-ssm/) -* [AWS - Training](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-training/) \ No newline at end of file +- [Cloud - AWS](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/AWS%20Pentest/) +- [AWS - Access Token & Secrets](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-access-token/) +- [AWS - Service - Cognito](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-cognito/) +- [AWS - Service - DynamoDB](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-dynamodb/) +- [AWS - Service - 
EC2](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-ec2/) +- [AWS - Enumerate](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-enumeration/) +- [AWS - Identity & Access Management](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-iam/) +- [AWS - IOC & Detections](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-ioc-detection/) +- [AWS - Service - Lambda](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-lambda/) +- [AWS - Metadata SSRF](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-metadata/) +- [AWS - Service - S3 Buckets](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-s3-bucket/) +- [AWS - Service - SSM](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-ssm/) +- [AWS - Training](https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/aws-training/) \ No newline at end of file diff --git a/Methodology and Resources/Cloud - Azure Pentest.md b/Methodology and Resources/Cloud - Azure Pentest.md index 0ffe721..2793113 100644 --- a/Methodology and Resources/Cloud - Azure Pentest.md +++ b/Methodology and Resources/Cloud - Azure Pentest.md 
@@ -2,11 +2,11 @@ :warning: Content of this page has been moved to [InternalAllTheThings/cloud/azure](https://github.com/swisskyrepo/InternalAllTheThings/) -* [Azure AD Connect](https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-ad-connect/) -* [Azure AD Enumerate](https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-enumeration/) -* [Azure AD IAM](https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-devices-users-sp/) -* [Azure AD Phishing](https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-phishing/) -* [Azure AD Tokens](https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-access-and-token/) -* [Azure Persistence](https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-persistence/) -* [Azure Requirements](https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-requirements/) -* [Azure Services](https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-services/) \ No newline at end of file +- [Azure AD Connect](https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-ad-connect/) +- [Azure AD Enumerate](https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-enumeration/) +- [Azure AD IAM](https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-devices-users-sp/) +- [Azure AD Phishing](https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-phishing/) +- [Azure AD Tokens](https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-access-and-token/) +- [Azure Persistence](https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-persistence/) +- [Azure Requirements](https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-requirements/) +- [Azure Services](https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-services/) \ No newline at end of file 
diff --git a/Methodology and Resources/Cobalt Strike - Cheatsheet.md b/Methodology and Resources/Cobalt Strike - Cheatsheet.md index 81236fa..f71e297 100644 --- a/Methodology and Resources/Cobalt Strike - Cheatsheet.md +++ b/Methodology and Resources/Cobalt Strike - Cheatsheet.md 
@@ -2,31 +2,31 @@ :warning: Content of this page has been moved to [InternalAllTheThings/command-control/cobalt-strike](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/) -* [Infrastructure](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#infrastructure) - * [Redirectors](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#redirectors) - * [Domain fronting](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#domain-fronting) -* [OpSec](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#opsec) - * [Customer ID](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#customer-id) -* [Payloads](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#payloads) - * [DNS Beacon](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#dns-beacon) - * [SMB Beacon](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#smb-beacon) - * [Metasploit compatibility](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#metasploit-compatibility) - * [Custom Payloads](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#custom-payloads) -* [Malleable C2](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#malleable-c2) -* [Files](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#files) -* [Powershell and .NET](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#powershell-and-net) - * [Powershell commabds](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#powershell-commands) - * [.NET remote execution](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#net-remote-execution) -* [Lateral 
Movement](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#lateral-movement) -* [VPN & Pivots](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#vpn--pivots) -* [Kits](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#kits) - * [Elevate Kit](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#elevate-kit) - * [Persistence Kit](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#persistence-kit) - * [Resource Kit](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#resource-kit) - * [Artifact Kit](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#artifact-kit) - * [Mimikatz Kit](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#mimikatz-kit) - * [Sleep Mask Kit](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#sleep-mask-kit) - * [Thread Stack Spoofer](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#thread-stack-spoofer) -* [Beacon Object Files](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#beacon-object-files) -* [NTLM Relaying via Cobalt Strike](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#ntlm-relaying-via-cobalt-strike) -* [References](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#references) \ No newline at end of file +- [Infrastructure](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#infrastructure) + - [Redirectors](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#redirectors) + - [Domain fronting](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#domain-fronting) +- 
[OpSec](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#opsec) + - [Customer ID](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#customer-id) +- [Payloads](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#payloads) + - [DNS Beacon](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#dns-beacon) + - [SMB Beacon](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#smb-beacon) + - [Metasploit compatibility](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#metasploit-compatibility) + - [Custom Payloads](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#custom-payloads) +- [Malleable C2](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#malleable-c2) +- [Files](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#files) +- [Powershell and .NET](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#powershell-and-net) + - [Powershell commabds](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#powershell-commands) + - [.NET remote execution](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#net-remote-execution) +- [Lateral Movement](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#lateral-movement) +- [VPN & Pivots](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#vpn--pivots) +- [Kits](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#kits) + - [Elevate Kit](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#elevate-kit) + - [Persistence Kit](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#persistence-kit) + - [Resource 
Kit](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#resource-kit) + - [Artifact Kit](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#artifact-kit) + - [Mimikatz Kit](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#mimikatz-kit) + - [Sleep Mask Kit](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#sleep-mask-kit) + - [Thread Stack Spoofer](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#thread-stack-spoofer) +- [Beacon Object Files](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#beacon-object-files) +- [NTLM Relaying via Cobalt Strike](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#ntlm-relaying-via-cobalt-strike) +- [References](https://swisskyrepo.github.io/InternalAllTheThings/command-control/cobalt-strike/#references) \ No newline at end of file diff --git a/Methodology and Resources/Escape Breakout.md b/Methodology and Resources/Escape Breakout.md index 2d18c43..d700bf0 100644 --- a/Methodology and Resources/Escape Breakout.md +++ b/Methodology and Resources/Escape Breakout.md 
@@ -2,15 +2,15 @@ :warning: Content of this page has been moved to [InternalAllTheThings/cheatsheets/escape-breakout](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/) -* [Gaining a command shell](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#gaining-a-command-shell) -* [Sticky Keys](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#sticky-keys) -* [Dialog Boxes](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#dialog-boxes) - * [Creating new files](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#creating-new-files) - * [Open a new Windows Explorer instance](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#open-a-new-windows-explorer-instance) - * [Exploring Context Menus](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#exploring-context-menus) - * [Save as](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#save-as) - * [Input Boxes](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#input-boxes) - * [Bypass file restrictions](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#bypass-file-restrictions) -* [Internet Explorer](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#internet-explorer) -* [Shell URI Handlers](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#shell-uri-handlers) -* [References](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#references) \ No newline at end of file +- [Gaining a command shell](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#gaining-a-command-shell) +- [Sticky Keys](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#sticky-keys) +- [Dialog 
Boxes](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#dialog-boxes) + - [Creating new files](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#creating-new-files) + - [Open a new Windows Explorer instance](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#open-a-new-windows-explorer-instance) + - [Exploring Context Menus](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#exploring-context-menus) + - [Save as](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#save-as) + - [Input Boxes](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#input-boxes) + - [Bypass file restrictions](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#bypass-file-restrictions) +- [Internet Explorer](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#internet-explorer) +- [Shell URI Handlers](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#shell-uri-handlers) +- [References](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/escape-breakout/#references) \ No newline at end of file diff --git a/Methodology and Resources/Hash Cracking.md b/Methodology and Resources/Hash Cracking.md index d05a704..cb2dbb4 100644 --- a/Methodology and Resources/Hash Cracking.md +++ b/Methodology and Resources/Hash Cracking.md 
@@ -2,14 +2,14 @@ :warning: Content of this page has been moved to [InternalAllTheThings/cheatsheets/hash-cracking](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/) -* [Hashcat](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#hashcat) - * [Hashcat Example Hashes](https://hashcat.net/wiki/doku.php?id=example_hashes) - * [Hashcat Install](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#hashcat-install) - * [Mask attack](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#mask-attack) - * [Dictionary](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#dictionary) -* [John](https://github.com/openwall/john) - * [Usage](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#john-usage) -* [Rainbow tables](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#rainbow-tables) -* [Tips and Tricks](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#tips-and-tricks) -* [Online Cracking Resources](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#online-cracking-resources) -* [References](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#references) \ No newline at end of file +- [Hashcat](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#hashcat) + - [Hashcat Example Hashes](https://hashcat.net/wiki/doku.php?id=example_hashes) + - [Hashcat Install](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#hashcat-install) + - [Mask attack](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#mask-attack) + - [Dictionary](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#dictionary) +- [John](https://github.com/openwall/john) + - 
[Usage](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#john-usage) +- [Rainbow tables](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#rainbow-tables) +- [Tips and Tricks](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#tips-and-tricks) +- [Online Cracking Resources](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#online-cracking-resources) +- [References](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/hash-cracking/#references) \ No newline at end of file diff --git a/Methodology and Resources/Initial Access.md b/Methodology and Resources/Initial Access.md index 037cc01..7d01196 100644 --- a/Methodology and Resources/Initial Access.md +++ b/Methodology and Resources/Initial Access.md 
@@ -2,10 +2,10 @@ :warning: Content of this page has been moved to [InternalAllTheThings/redteam/access/initial-access](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/initial-access/) -* [Complex Chains](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/initial-access/#complex-chains) -* [Container](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/initial-access/#container) -* [Payload](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/initial-access/#payload) - * [Binary Files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/initial-access/#binary-files) - * [Code Execution Files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/initial-access/#code-execution-files) - * [Embedded Files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/initial-access/#embedded-files) -* [Code Signing](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/initial-access/#code-signing) \ No newline at end of file +- [Complex Chains](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/initial-access/#complex-chains) +- [Container](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/initial-access/#container) +- [Payload](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/initial-access/#payload) + - [Binary Files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/initial-access/#binary-files) + - [Code Execution Files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/initial-access/#code-execution-files) + - [Embedded Files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/initial-access/#embedded-files) +- [Code Signing](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/initial-access/#code-signing) \ No newline at end of file 
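Review bot: The final entry of this hunk, `Code Signing`, is rewritten from `*` to `-`, but both the removed and the added line are followed by `\ No newline at end of file`, so `Initial Access.md` still ends without a terminating newline. Since the last line is being touched anyway, end the file with a newline in this change; otherwise the next entry appended to the list will show up as a modification of this line rather than a pure addition. The same marker follows the last entry of the other stub pages visible in this patch (Escape Breakout, Hash Cracking, Linux - Persistence, Linux - Privilege Escalation), so it is worth fixing in one pass.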
diff --git a/Methodology and Resources/Linux - Persistence.md b/Methodology and Resources/Linux - Persistence.md index 3231fc0..f83eca5 100644 --- a/Methodology and Resources/Linux - Persistence.md +++ b/Methodology and Resources/Linux - Persistence.md 
@@ -2,17 +2,17 @@ :warning: Content of this page has been moved to [InternalAllTheThings/redteam/persistence/linux-persistence](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/) -* [Basic reverse shell](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#basic-reverse-shell) -* [Add a root user](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#add-a-root-user) -* [Suid Binary](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#suid-binary) -* [Crontab - Reverse shell](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#crontab---reverse-shell) -* [Backdooring a user's bash_rc](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#backdooring-a-users-bash_rc) -* [Backdooring a startup service](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#backdooring-a-startup-service) -* [Backdooring a user startup file](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#backdooring-a-user-startup-file) -* [Backdooring Message of the Day](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#backdooring-message-of-the-day) -* [Backdooring a driver](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#backdooring-a-driver) -* [Backdooring the APT](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#backdooring-the-apt) -* [Backdooring the SSH](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#backdooring-the-ssh) -* [Backdooring Git](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#backdooring-git) -* [Additional Linux Persistence 
Options](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#additional-persistence-options) -* [References](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#references) \ No newline at end of file +- [Basic reverse shell](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#basic-reverse-shell) +- [Add a root user](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#add-a-root-user) +- [Suid Binary](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#suid-binary) +- [Crontab - Reverse shell](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#crontab---reverse-shell) +- [Backdooring a user's bash_rc](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#backdooring-a-users-bash_rc) +- [Backdooring a startup service](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#backdooring-a-startup-service) +- [Backdooring a user startup file](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#backdooring-a-user-startup-file) +- [Backdooring Message of the Day](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#backdooring-message-of-the-day) +- [Backdooring a driver](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#backdooring-a-driver) +- [Backdooring the APT](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#backdooring-the-apt) +- [Backdooring the SSH](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#backdooring-the-ssh) +- [Backdooring Git](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#backdooring-git) +- [Additional Linux 
Persistence Options](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#additional-persistence-options) +- [References](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/linux-persistence/#references) \ No newline at end of file diff --git a/Methodology and Resources/Linux - Privilege Escalation.md b/Methodology and Resources/Linux - Privilege Escalation.md index c5ca16c..48b66f3 100644 --- a/Methodology and Resources/Linux - Privilege Escalation.md +++ b/Methodology and Resources/Linux - Privilege Escalation.md 
@@ -2,49 +2,49 @@ :warning: Content of this page has been moved to [InternalAllTheThings/redteam/persistence/linux-persistence](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/) -* [Tools](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#tools) -* [Checklist](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#checklists) -* [Looting for passwords](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#looting-for-passwords) - * [Files containing passwords](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#files-containing-passwords) - * [Old passwords in /etc/security/opasswd](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#old-passwords-in-etcsecurityopasswd) - * [Last edited files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#last-edited-files) - * [In memory passwords](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#in-memory-passwords) - * [Find sensitive files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#find-sensitive-files) -* [SSH Key](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#ssh-key) - * [Sensitive files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#sensitive-files) - * [SSH Key Predictable PRNG (Authorized_Keys) Process](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#ssh-key-predictable-prng-authorized_keys-process) -* [Scheduled tasks](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#scheduled-tasks) - * [Cron 
jobs](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#cron-jobs) - * [Systemd timers](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#systemd-timers) -* [SUID](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#suid) - * [Find SUID binaries](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#find-suid-binaries) - * [Create a SUID binary](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#create-a-suid-binary) -* [Capabilities](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#capabilities) - * [List capabilities of binaries](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#list-capabilities-of-binaries) - * [Edit capabilities](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#edit-capabilities) - * [Interesting capabilities](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#interesting-capabilities) -* [SUDO](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#sudo) - * [NOPASSWD](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#nopasswd) - * [LD_PRELOAD and NOPASSWD](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#ld_preload-and-nopasswd) - * [Doas](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#doas) - * [sudo_inject](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#sudo_inject) - * 
[CVE-2019-14287](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#cve-2019-14287) -* [GTFOBins](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#gtfobins) -* [Wildcard](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#wildcard) -* [Writable files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#writable-files) - * [Writable /etc/passwd](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#writable-etcpasswd) - * [Writable /etc/sudoers](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#writable-etcsudoers) -* [NFS Root Squashing](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#nfs-root-squashing) -* [Shared Library](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#shared-library) - * [ldconfig](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#ldconfig) - * [RPATH](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#rpath) -* [Groups](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#groups) - * [Docker](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#docker) - * [LXC/LXD](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#lxclxd) -* [Hijack TMUX session](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#hijack-tmux-session) -* [Kernel Exploits](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#kernel-exploits) - * [CVE-2022-0847 
(DirtyPipe)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#cve-2022-0847-dirtypipe) - * [CVE-2016-5195 (DirtyCow)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#cve-2016-5195-dirtycow) - * [CVE-2010-3904 (RDS)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#cve-2010-3904-rds) - * [CVE-2010-4258 (Full Nelson)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#cve-2010-4258-full-nelson) - * [CVE-2012-0056 (Mempodipper)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#cve-2012-0056-mempodipper) \ No newline at end of file +- [Tools](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#tools) +- [Checklist](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#checklists) +- [Looting for passwords](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#looting-for-passwords) + - [Files containing passwords](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#files-containing-passwords) + - [Old passwords in /etc/security/opasswd](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#old-passwords-in-etcsecurityopasswd) + - [Last edited files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#last-edited-files) + - [In memory passwords](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#in-memory-passwords) + - [Find sensitive files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#find-sensitive-files) +- [SSH 
Key](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#ssh-key) + - [Sensitive files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#sensitive-files) + - [SSH Key Predictable PRNG (Authorized_Keys) Process](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#ssh-key-predictable-prng-authorized_keys-process) +- [Scheduled tasks](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#scheduled-tasks) + - [Cron jobs](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#cron-jobs) + - [Systemd timers](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#systemd-timers) +- [SUID](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#suid) + - [Find SUID binaries](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#find-suid-binaries) + - [Create a SUID binary](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#create-a-suid-binary) +- [Capabilities](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#capabilities) + - [List capabilities of binaries](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#list-capabilities-of-binaries) + - [Edit capabilities](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#edit-capabilities) + - [Interesting capabilities](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#interesting-capabilities) +- [SUDO](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#sudo) + - 
[NOPASSWD](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#nopasswd) + - [LD_PRELOAD and NOPASSWD](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#ld_preload-and-nopasswd) + - [Doas](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#doas) + - [sudo_inject](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#sudo_inject) + - [CVE-2019-14287](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#cve-2019-14287) +- [GTFOBins](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#gtfobins) +- [Wildcard](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#wildcard) +- [Writable files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#writable-files) + - [Writable /etc/passwd](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#writable-etcpasswd) + - [Writable /etc/sudoers](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#writable-etcsudoers) +- [NFS Root Squashing](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#nfs-root-squashing) +- [Shared Library](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#shared-library) + - [ldconfig](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#ldconfig) + - [RPATH](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#rpath) +- [Groups](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#groups) + - 
[Docker](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#docker) + - [LXC/LXD](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#lxclxd) +- [Hijack TMUX session](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#hijack-tmux-session) +- [Kernel Exploits](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#kernel-exploits) + - [CVE-2022-0847 (DirtyPipe)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#cve-2022-0847-dirtypipe) + - [CVE-2016-5195 (DirtyCow)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#cve-2016-5195-dirtycow) + - [CVE-2010-3904 (RDS)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#cve-2010-3904-rds) + - [CVE-2010-4258 (Full Nelson)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#cve-2010-4258-full-nelson) + - [CVE-2012-0056 (Mempodipper)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/linux-privilege-escalation/#cve-2012-0056-mempodipper) \ No newline at end of file diff --git a/Methodology and Resources/MSSQL Server - Cheatsheet.md b/Methodology and Resources/MSSQL Server - Cheatsheet.md index e3a1a74..50fd6d3 100644 --- a/Methodology and Resources/MSSQL Server - Cheatsheet.md +++ b/Methodology and Resources/MSSQL Server - Cheatsheet.md 
@@ -2,60 +2,60 @@ :warning: Content of this page has been moved to [InternalAllTheThings/cheatsheets/mssql-server-cheatsheet](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/) -* [Tools](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#tools) -* [Identify Instances and Databases](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#identifiy-instaces-and-databases) - * [Discover Local SQL Server Instances](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#discover-local-sql-server-instances) - * [Discover Domain SQL Server Instances](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#discover-domain-sql-server-instances) - * [Discover Remote SQL Server Instances](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#discover-remote-sql-instances) - * [Identify Encrypted databases](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#identifiy-encrypted-databases) - * [Version Query](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#version-query) -* [Identify Sensitive Information](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#identify-sensitive-information) - * [Get Tables from a Specific Database](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#get-tables-from-specific-databases) - * [Gather 5 Entries from Each Column](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#gather-5-entries-from-each-column) - * [Gather 5 Entries from a Specific Table](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#gather-5-entries-from-a-specific-table) - * [Dump common information from server to 
files](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#dump-common-information-from-server-to-files) -* [Linked Database](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#linked-database) - * [Find Trusted Link](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#find-trusted-link) - * [Execute Query Through The Link](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#execute-query-through-the-link) - * [Crawl Links for Instances in the Domain](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#crawl-links-for-instances-in-the-domain) - * [Crawl Links for a Specific Instance](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#crawl-links-for-a-specific-instance) - * [Query Version of Linked Database](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#query-version-of-linked-database) - * [Execute Procedure on Linked Database](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#execute-procedure-on-linked-database) - * [Determine Names of Linked Databases ](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#determine-names-of-linked-databases) - * [Determine All the Tables Names from a Selected Linked Database](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#determine-all-the-tables-names-from-a-selected-linked-database) - * [Gather the Top 5 Columns from a Selected Linked Table](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#gather-the-top-5-columns-from-a-selected-linked-table) - * [Gather Entries from a Selected Linked 
Column](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#gather-entries-from-a-selected-linked-column) -* [Command Execution via xp_cmdshell](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#command-execution-via-xp_cmdshell) -* [Extended Stored Procedure](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#extended-stored-procedure) - * [Add the extended stored procedure and list extended stored procedures](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#add-the-extended-stored-procedure-and-list-extended-stored-procedures) -* [CLR Assemblies](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#clr-assemblies) - * [Execute commands using CLR assembly](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#execute-commands-using-clr-assembly) - * [Manually creating a CLR DLL and importing it](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#manually-creating-a-clr-dll-and-importing-it) -* [OLE Automation](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#ole-automation) - * [Execute commands using OLE automation procedures](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#execute-commands-using-ole-automation-procedures) -* [Agent Jobs](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#agent-jobs) - * [Execute commands through SQL Agent Job service](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#execute-commands-through-sql-agent-job-service) - * [List All Jobs](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#list-all-jobs) -* [External 
Scripts](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#external-scripts) - * [Python](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#python) - * [R](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#r) -* [Audit Checks](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#audit-checks) - * [Find and exploit impersonation opportunities](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#find-and-exploit-impersonation-opportunities) -* [Find databases that have been configured as trustworthy](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#find-databases-that-have-been-configured-as-trustworthy) -* [Manual SQL Server Queries](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#manual-sql-server-queries) - * [Query Current User & determine if the user is a sysadmin](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#query-current-user--determine-if-the-user-is-a-sysadmin) - * [Current Role](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#current-role) - * [Current DB](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#current-db) - * [List all tables](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#list-all-tables) - * [List all databases](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#list-all-databases) - * [All Logins on Server](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#all-logins-on-server) - * [All Database Users for a Database](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#all-database-users-for-a-database) - * [List All 
Sysadmins](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#list-all-sysadmins) - * [List All Database Roles](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#list-all-database-role) - * [Effective Permissions from the Server](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#effective-permissions-from-the-server) - * [Effective Permissions from the Database](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#effective-permissions-from-the-database) - * [Find SQL Server Logins Which can be Impersonated for the Current Database](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#find-sql-server-logins-which-can-be-impersonated-for-the-current-database) - * [Exploiting Impersonation](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#exploiting-impersonation) - * [Exploiting Nested Impersonation](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#exploiting-nested-impersonation) - * [MSSQL Accounts and Hashes](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#mssql-accounts-and-hashes) -* [References](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#references) \ No newline at end of file +- [Tools](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#tools) +- [Identify Instances and Databases](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#identifiy-instaces-and-databases) + - [Discover Local SQL Server Instances](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#discover-local-sql-server-instances) + - [Discover Domain SQL Server 
Instances](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#discover-domain-sql-server-instances) + - [Discover Remote SQL Server Instances](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#discover-remote-sql-instances) + - [Identify Encrypted databases](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#identifiy-encrypted-databases) + - [Version Query](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#version-query) +- [Identify Sensitive Information](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#identify-sensitive-information) + - [Get Tables from a Specific Database](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#get-tables-from-specific-databases) + - [Gather 5 Entries from Each Column](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#gather-5-entries-from-each-column) + - [Gather 5 Entries from a Specific Table](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#gather-5-entries-from-a-specific-table) + - [Dump common information from server to files](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#dump-common-information-from-server-to-files) +- [Linked Database](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#linked-database) + - [Find Trusted Link](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#find-trusted-link) + - [Execute Query Through The Link](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#execute-query-through-the-link) + - [Crawl Links for Instances in the 
Domain](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#crawl-links-for-instances-in-the-domain) + - [Crawl Links for a Specific Instance](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#crawl-links-for-a-specific-instance) + - [Query Version of Linked Database](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#query-version-of-linked-database) + - [Execute Procedure on Linked Database](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#execute-procedure-on-linked-database) + - [Determine Names of Linked Databases ](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#determine-names-of-linked-databases) + - [Determine All the Tables Names from a Selected Linked Database](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#determine-all-the-tables-names-from-a-selected-linked-database) + - [Gather the Top 5 Columns from a Selected Linked Table](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#gather-the-top-5-columns-from-a-selected-linked-table) + - [Gather Entries from a Selected Linked Column](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#gather-entries-from-a-selected-linked-column) +- [Command Execution via xp_cmdshell](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#command-execution-via-xp_cmdshell) +- [Extended Stored Procedure](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#extended-stored-procedure) + - [Add the extended stored procedure and list extended stored procedures](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#add-the-extended-stored-procedure-and-list-extended-stored-procedures) +- [CLR 
Assemblies](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#clr-assemblies) + - [Execute commands using CLR assembly](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#execute-commands-using-clr-assembly) + - [Manually creating a CLR DLL and importing it](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#manually-creating-a-clr-dll-and-importing-it) +- [OLE Automation](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#ole-automation) + - [Execute commands using OLE automation procedures](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#execute-commands-using-ole-automation-procedures) +- [Agent Jobs](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#agent-jobs) + - [Execute commands through SQL Agent Job service](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#execute-commands-through-sql-agent-job-service) + - [List All Jobs](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#list-all-jobs) +- [External Scripts](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#external-scripts) + - [Python](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#python) + - [R](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#r) +- [Audit Checks](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#audit-checks) + - [Find and exploit impersonation opportunities](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#find-and-exploit-impersonation-opportunities) +- [Find databases that have been configured as 
trustworthy](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#find-databases-that-have-been-configured-as-trustworthy) +- [Manual SQL Server Queries](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#manual-sql-server-queries) + - [Query Current User & determine if the user is a sysadmin](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#query-current-user--determine-if-the-user-is-a-sysadmin) + - [Current Role](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#current-role) + - [Current DB](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#current-db) + - [List all tables](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#list-all-tables) + - [List all databases](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#list-all-databases) + - [All Logins on Server](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#all-logins-on-server) + - [All Database Users for a Database](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#all-database-users-for-a-database) + - [List All Sysadmins](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#list-all-sysadmins) + - [List All Database Roles](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#list-all-database-role) + - [Effective Permissions from the Server](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#effective-permissions-from-the-server) + - [Effective Permissions from the Database](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#effective-permissions-from-the-database) + - [Find SQL Server Logins Which can be Impersonated for the 
Current Database](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#find-sql-server-logins-which-can-be-impersonated-for-the-current-database) + - [Exploiting Impersonation](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#exploiting-impersonation) + - [Exploiting Nested Impersonation](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#exploiting-nested-impersonation) + - [MSSQL Accounts and Hashes](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#mssql-accounts-and-hashes) +- [References](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mssql-server-cheatsheet/#references) \ No newline at end of file diff --git a/Methodology and Resources/Metasploit - Cheatsheet.md b/Methodology and Resources/Metasploit - Cheatsheet.md index 9801dc8..bb7d193 100644 --- a/Methodology and Resources/Metasploit - Cheatsheet.md +++ b/Methodology and Resources/Metasploit - Cheatsheet.md 
@@ -2,22 +2,22 @@ :warning: Content of this page has been moved to [InternalAllTheThings/command-control/metasploit](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/) -* [Installation](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#installation) -* [Sessions](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#sessions) -* [Background handler](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#background-handler) -* [Meterpreter - Basic](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#meterpreter---basic) - * [Generate a meterpreter](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#generate-a-meterpreter) - * [Meterpreter Webdelivery](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#meterpreter-webdelivery) - * [Get System](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#get-system) - * [Persistence Startup](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#persistence-startup) - * [Network Monitoring](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#network-monitoring) - * [Portforward](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#portforward) - * [Upload / Download](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#upload---download) - * [Execute from Memory](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#execute-from-memory) - * [Mimikatz](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#mimikatz) - * [Pass the Hash - PSExec](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#pass-the-hash---psexec) - * [Use SOCKS Proxy](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#use-socks-proxy) -* 
[Scripting Metasploit](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#scripting-metasploit) -* [Multiple transports](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#multiple-transports) -* [Best of - Exploits](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#best-of---exploits) -* [References](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#references) \ No newline at end of file +- [Installation](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#installation) +- [Sessions](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#sessions) +- [Background handler](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#background-handler) +- [Meterpreter - Basic](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#meterpreter---basic) + - [Generate a meterpreter](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#generate-a-meterpreter) + - [Meterpreter Webdelivery](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#meterpreter-webdelivery) + - [Get System](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#get-system) + - [Persistence Startup](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#persistence-startup) + - [Network Monitoring](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#network-monitoring) + - [Portforward](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#portforward) + - [Upload / Download](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#upload---download) + - [Execute from Memory](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#execute-from-memory) + - 
[Mimikatz](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#mimikatz) + - [Pass the Hash - PSExec](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#pass-the-hash---psexec) + - [Use SOCKS Proxy](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#use-socks-proxy) +- [Scripting Metasploit](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#scripting-metasploit) +- [Multiple transports](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#multiple-transports) +- [Best of - Exploits](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#best-of---exploits) +- [References](https://swisskyrepo.github.io/InternalAllTheThings/command-control/metasploit/#references) \ No newline at end of file diff --git a/Methodology and Resources/Methodology and enumeration.md b/Methodology and Resources/Methodology and enumeration.md index e69a5fb..74e71af 100644 --- a/Methodology and Resources/Methodology and enumeration.md +++ b/Methodology and Resources/Methodology and enumeration.md 
@@ -4,14 +4,14 @@ ## Summary -* [Passive Recon](https://swisskyrepo.github.io/InternalAllTheThings/methodology/bug-hunting-methodology/#passive-recon) - * Shodan - * Wayback Machine - * The Harvester - * Github OSINT +- [Passive Recon](https://swisskyrepo.github.io/InternalAllTheThings/methodology/bug-hunting-methodology/#passive-recon) + - Shodan + - Wayback Machine + - The Harvester + - Github OSINT -* [Active Recon](https://swisskyrepo.github.io/InternalAllTheThings/methodology/bug-hunting-methodology/#active-recon) - * [Network discovery](https://swisskyrepo.github.io/InternalAllTheThings/methodology/bug-hunting-methodology/#network-discovery) - * [Web discovery](https://swisskyrepo.github.io/InternalAllTheThings/methodology/bug-hunting-methodology/#web-discovery) +- [Active Recon](https://swisskyrepo.github.io/InternalAllTheThings/methodology/bug-hunting-methodology/#active-recon) + - [Network discovery](https://swisskyrepo.github.io/InternalAllTheThings/methodology/bug-hunting-methodology/#network-discovery) + - [Web discovery](https://swisskyrepo.github.io/InternalAllTheThings/methodology/bug-hunting-methodology/#web-discovery) -* [Web Vulnerabilities](https://swisskyrepo.github.io/InternalAllTheThings/methodology/bug-hunting-methodology/#looking-for-web-vulnerabilities) \ No newline at end of file +- [Web Vulnerabilities](https://swisskyrepo.github.io/InternalAllTheThings/methodology/bug-hunting-methodology/#looking-for-web-vulnerabilities) \ No newline at end of file diff --git a/Methodology and Resources/Network Pivoting Techniques.md b/Methodology and Resources/Network Pivoting Techniques.md index 1a52684..30d0951 100644 --- a/Methodology and Resources/Network Pivoting Techniques.md +++ b/Methodology and Resources/Network Pivoting Techniques.md 
@@ -2,28 +2,28 @@ :warning: Content of this page has been moved to [InternalAllTheThings/redteam/pivoting/network-pivoting-techniques](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/) -* [SOCKS Compatibility Table](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#socks-compatibility-table) -* [Windows netsh Port Forwarding](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#windows-netsh-port-forwarding) -* [SSH](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#ssh) - * [SOCKS Proxy](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#socks-proxy) - * [Local Port Forwarding](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#local-port-forwarding) - * [Remote Port Forwarding](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#remote-port-forwarding) -* [Proxychains](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#proxychains) -* [Graftcp](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#graftcp) -* [Web SOCKS - reGeorg](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#web-socks---regeorg) -* [Web SOCKS - pivotnacci](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#web-socks---pivotnacci) -* [Metasploit](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#metasploit) -* [sshuttle](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#sshuttle) -* [chisel](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#chisel) - * 
[SharpChisel](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#sharpchisel) -* [gost](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#gost) -* [Rpivot](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#rpivot) -* [RevSocks](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#revsocks) -* [plink](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#plink) -* [ngrok](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#ngrok) -* [Capture a network trace with builtin tools](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#capture-a-network-trace-with-builtin-tools) -* [Basic Pivoting Types](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#basic-pivoting-types) - * [Listen - Listen](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#listen---listen) - * [Listen - Connect](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#listen---connect) - * [Connect - Connect](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#connect---connect) -* [References](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#references) \ No newline at end of file +- [SOCKS Compatibility Table](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#socks-compatibility-table) +- [Windows netsh Port Forwarding](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#windows-netsh-port-forwarding) +- 
[SSH](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#ssh) + - [SOCKS Proxy](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#socks-proxy) + - [Local Port Forwarding](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#local-port-forwarding) + - [Remote Port Forwarding](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#remote-port-forwarding) +- [Proxychains](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#proxychains) +- [Graftcp](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#graftcp) +- [Web SOCKS - reGeorg](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#web-socks---regeorg) +- [Web SOCKS - pivotnacci](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#web-socks---pivotnacci) +- [Metasploit](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#metasploit) +- [sshuttle](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#sshuttle) +- [chisel](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#chisel) + - [SharpChisel](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#sharpchisel) +- [gost](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#gost) +- [Rpivot](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#rpivot) +- [RevSocks](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#revsocks) +- 
[plink](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#plink) +- [ngrok](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#ngrok) +- [Capture a network trace with builtin tools](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#capture-a-network-trace-with-builtin-tools) +- [Basic Pivoting Types](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#basic-pivoting-types) + - [Listen - Listen](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#listen---listen) + - [Listen - Connect](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#listen---connect) + - [Connect - Connect](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#connect---connect) +- [References](https://swisskyrepo.github.io/InternalAllTheThings/redteam/pivoting/network-pivoting-techniques/#references) \ No newline at end of file diff --git a/Methodology and Resources/Office - Attacks.md b/Methodology and Resources/Office - Attacks.md index 194fe43..6cbd4b6 100644 --- a/Methodology and Resources/Office - Attacks.md +++ b/Methodology and Resources/Office - Attacks.md 
@@ -2,36 +2,36 @@ :warning: Content of this page has been moved to [InternalAllTheThings/redteam/access/office-attacks](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/) -* [Office Products Features](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#office-products-features) -* [Office Default Passwords](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#office-default-passwords) -* [Office Macro execute WinAPI](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#office-macro-execute-winapi) -* [Excel](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#excel) - * [XLSM - Hot Manchego](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#xlsm---hot-manchego) - * [XLS - Macrome](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#xls---macrome) - * [XLM Excel 4.0 - SharpShooter](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#xlm-excel-40---sharpshooter) - * [XLM Excel 4.0 - EXCELntDonut](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#xlm-excel-40---excelntdonut) - * [XLM Excel 4.0 - EXEC](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#xlm-excel-40---exec) - * [SLK - EXEC](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#slk---exec) -* [Word](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#word) - * [DOCM - Metasploit](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---metasploit) - * [DOCM - Download and Execute](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---download-and-execute) - * [DOCM - Macro 
Creator](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---macro-creator) - * [DOCM - C# converted to Office VBA macro](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---c-converted-to-office-vba-macro) - * [DOCM - VBA Wscript](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---vba-wscript) - * [DOCM - VBA Shell Execute Comment](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---vba-shell-execute-comment) - * [DOCM - VBA Spawning via svchost.exe using Scheduled Task](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---vba-spawning-via-svchostexe-using-scheduled-task) - * [DCOM - WMI COM functions (VBA AMSI)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---wmi-com-functions) - * [DOCM - winmgmts](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---winmgmts) - * [DOCM - Macro Pack - Macro and DDE](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docmxlm---macro-pack---macro-and-dde) - * [DOCM - BadAssMacros](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---badassmacros) - * [DOCM - CACTUSTORCH VBA Module](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---cactustorch-vba-module) - * [DOCM - MMG with Custom DL + Exec](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---mmg-with-custom-dl--exec) - * [VBA Obfuscation](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#vba-obfuscation) - * [VBA Purging](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#vba-purging) - * [OfficePurge](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#officepurge) - * 
[EvilClippy](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#evilclippy) - * [VBA AMSI](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#vba-amsi) - * [VBA - Offensive Security Template](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#vba---offensive-security-template) - * [DOCX - Template Injection](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docx---template-injection) - * [DOCX - DDE](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docx---dde) -* [References](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#references) \ No newline at end of file +- [Office Products Features](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#office-products-features) +- [Office Default Passwords](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#office-default-passwords) +- [Office Macro execute WinAPI](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#office-macro-execute-winapi) +- [Excel](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#excel) + - [XLSM - Hot Manchego](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#xlsm---hot-manchego) + - [XLS - Macrome](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#xls---macrome) + - [XLM Excel 4.0 - SharpShooter](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#xlm-excel-40---sharpshooter) + - [XLM Excel 4.0 - EXCELntDonut](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#xlm-excel-40---excelntdonut) + - [XLM Excel 4.0 - EXEC](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#xlm-excel-40---exec) + - [SLK - 
EXEC](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#slk---exec) +- [Word](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#word) + - [DOCM - Metasploit](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---metasploit) + - [DOCM - Download and Execute](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---download-and-execute) + - [DOCM - Macro Creator](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---macro-creator) + - [DOCM - C# converted to Office VBA macro](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---c-converted-to-office-vba-macro) + - [DOCM - VBA Wscript](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---vba-wscript) + - [DOCM - VBA Shell Execute Comment](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---vba-shell-execute-comment) + - [DOCM - VBA Spawning via svchost.exe using Scheduled Task](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---vba-spawning-via-svchostexe-using-scheduled-task) + - [DCOM - WMI COM functions (VBA AMSI)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---wmi-com-functions) + - [DOCM - winmgmts](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---winmgmts) + - [DOCM - Macro Pack - Macro and DDE](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docmxlm---macro-pack---macro-and-dde) + - [DOCM - BadAssMacros](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---badassmacros) + - [DOCM - CACTUSTORCH VBA Module](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---cactustorch-vba-module) + - [DOCM - MMG with Custom DL + 
Exec](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docm---mmg-with-custom-dl--exec) + - [VBA Obfuscation](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#vba-obfuscation) + - [VBA Purging](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#vba-purging) + - [OfficePurge](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#officepurge) + - [EvilClippy](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#evilclippy) + - [VBA AMSI](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#vba-amsi) + - [VBA - Offensive Security Template](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#vba---offensive-security-template) + - [DOCX - Template Injection](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docx---template-injection) + - [DOCX - DDE](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#docx---dde) +- [References](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/office-attacks/#references) \ No newline at end of file diff --git a/Methodology and Resources/Powershell - Cheatsheet.md b/Methodology and Resources/Powershell - Cheatsheet.md index 5e4a852..9c7ac8d 100644 --- a/Methodology and Resources/Powershell - Cheatsheet.md +++ b/Methodology and Resources/Powershell - Cheatsheet.md 
@@ -10,8 +10,8 @@ - [Load Powershell scripts](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/powershell-cheatsheet/#load-powershell-scripts) - [Load Chttps://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/powershell-cheatsheet/# assembly reflectively](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/powershell-cheatsheet/#load-c-assembly-reflectively) - [Call Win API using delegate functions with Reflection](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/powershell-cheatsheet/#call-win-api-using-delegate-functions-with-reflection) - - [Resolve address functions](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/powershell-cheatsheet/#resolve-address-functions) - - [DelegateType Reflection](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/powershell-cheatsheet/#delegatetype-reflection) - - [Example with a simple shellcode runner](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/powershell-cheatsheet/#example-with-a-simple-shellcode-runner) + - [Resolve address functions](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/powershell-cheatsheet/#resolve-address-functions) + - [DelegateType Reflection](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/powershell-cheatsheet/#delegatetype-reflection) + - [Example with a simple shellcode runner](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/powershell-cheatsheet/#example-with-a-simple-shellcode-runner) - [Secure String to Plaintext](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/powershell-cheatsheet/#secure-string-to-plaintext) - [References](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/powershell-cheatsheet/#references) \ No newline at end of file diff --git a/Methodology and Resources/Reverse Shell Cheatsheet.md b/Methodology and Resources/Reverse Shell Cheatsheet.md index 93c3d92..7b9aa29 100644 
--- a/Methodology and Resources/Reverse Shell Cheatsheet.md +++ b/Methodology and Resources/Reverse Shell Cheatsheet.md 
@@ -2,42 +2,42 @@ :warning: Content of this page has been moved to [InternalAllTheThings/cheatsheet/shell-reverse](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/) -* [Tools](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#tools) -* [Reverse Shell](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#reverse-shell) - * [Awk](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#awk) - * [Automatic Reverse Shell Generator](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#revshells) - * [Bash TCP](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#bash-tcp) - * [Bash UDP](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#bash-udp) - * [C](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#c) - * [Dart](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#dart) - * [Golang](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#golang) - * [Groovy Alternative 1](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#groovy-alternative-1) - * [Groovy](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#groovy) - * [Java Alternative 1](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#java-alternative-1) - * [Java Alternative 2](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#java-alternative-2) - * [Java](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#java) - * [Lua](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#lua) - * 
[Ncat](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#ncat) - * [Netcat OpenBsd](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#netcat-openbsd) - * [Netcat BusyBox](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#netcat-busybox) - * [Netcat Traditional](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#netcat-traditional) - * [NodeJS](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#nodejs) - * [OGNL](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#ognl) - * [OpenSSL](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#openssl) - * [Perl](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#perl) - * [PHP](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#php) - * [Powershell](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#powershell) - * [Python](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#python) - * [Ruby](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#ruby) - * [Rust](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#rust) - * [Socat](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#socat) - * [Telnet](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#telnet) - * [War](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#war) -* [Meterpreter Shell](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#meterpreter-shell) - * [Windows Staged reverse 
TCP](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#windows-staged-reverse-tcp) - * [Windows Stageless reverse TCP](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#windows-stageless-reverse-tcp) - * [Linux Staged reverse TCP](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#linux-staged-reverse-tcp) - * [Linux Stageless reverse TCP](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#linux-stageless-reverse-tcp) - * [Other platforms](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#other-platforms) -* [Spawn TTY Shell](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#spawn-tty-shell) -* [References](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#references) \ No newline at end of file +- [Tools](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#tools) +- [Reverse Shell](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#reverse-shell) + - [Awk](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#awk) + - [Automatic Reverse Shell Generator](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#revshells) + - [Bash TCP](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#bash-tcp) + - [Bash UDP](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#bash-udp) + - [C](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#c) + - [Dart](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#dart) + - [Golang](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#golang) + - 
[Groovy Alternative 1](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#groovy-alternative-1) + - [Groovy](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#groovy) + - [Java Alternative 1](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#java-alternative-1) + - [Java Alternative 2](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#java-alternative-2) + - [Java](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#java) + - [Lua](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#lua) + - [Ncat](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#ncat) + - [Netcat OpenBsd](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#netcat-openbsd) + - [Netcat BusyBox](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#netcat-busybox) + - [Netcat Traditional](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#netcat-traditional) + - [NodeJS](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#nodejs) + - [OGNL](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#ognl) + - [OpenSSL](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#openssl) + - [Perl](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#perl) + - [PHP](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#php) + - [Powershell](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#powershell) + - [Python](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#python) + - 
[Ruby](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#ruby) + - [Rust](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#rust) + - [Socat](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#socat) + - [Telnet](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#telnet) + - [War](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#war) +- [Meterpreter Shell](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#meterpreter-shell) + - [Windows Staged reverse TCP](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#windows-staged-reverse-tcp) + - [Windows Stageless reverse TCP](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#windows-stageless-reverse-tcp) + - [Linux Staged reverse TCP](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#linux-staged-reverse-tcp) + - [Linux Stageless reverse TCP](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#linux-stageless-reverse-tcp) + - [Other platforms](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#other-platforms) +- [Spawn TTY Shell](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#spawn-tty-shell) +- [References](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#references) \ No newline at end of file diff --git a/Methodology and Resources/Source Code Management.md b/Methodology and Resources/Source Code Management.md index 6e36aa1..c60bab6 100644 --- a/Methodology and Resources/Source Code Management.md +++ b/Methodology and Resources/Source Code Management.md 
@@ -2,8 +2,8 @@ :warning: Content of this page has been moved to [InternalAllTheThings/cheatsheets/source-code-management-ci](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/source-code-management-ci/) -* [Tools](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/source-code-management-ci/#tools) -* [Enumerate repositories files and secrets](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/source-code-management-ci/#enumerate-repositories-files-and-secrets) -* [Personal Access Token](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/source-code-management-ci/#personal-access-token) -* [Gitlab CI/Github Actions](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/source-code-management-ci/#gitlab-cigithub-actions) -* [References](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/source-code-management-ci/#references) \ No newline at end of file +- [Tools](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/source-code-management-ci/#tools) +- [Enumerate repositories files and secrets](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/source-code-management-ci/#enumerate-repositories-files-and-secrets) +- [Personal Access Token](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/source-code-management-ci/#personal-access-token) +- [Gitlab CI/Github Actions](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/source-code-management-ci/#gitlab-cigithub-actions) +- [References](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/source-code-management-ci/#references) \ No newline at end of file diff --git a/Methodology and Resources/Subdomains Enumeration.md b/Methodology and Resources/Subdomains Enumeration.md index f9075e6..b427a9a 100644 --- a/Methodology and Resources/Subdomains Enumeration.md +++ b/Methodology and Resources/Subdomains Enumeration.md 
@@ -2,25 +2,25 @@ :warning: Content of this page has been moved to [InternalAllTheThings/cloud/azure](https://github.com/swisskyrepo/InternalAllTheThings/) -* [Enumerate all subdomains](#enumerate-all-subdomains-only-if-the-scope-is-domainext) - * Subbrute - * KnockPy - * GoogleDorks - * EyeWitness - * Sublist3r - * Subfinder - * Findomain - * Aquatone (Ruby and Go versions) - * AltDNS - * MassDNS - * Nmap - * Dnsdumpster -* Subdomain take over - * tko-subs - * HostileSubBruteForcer - * SubOver +- [Enumerate all subdomains](#enumerate-all-subdomains-only-if-the-scope-is-domainext) + - Subbrute + - KnockPy + - GoogleDorks + - EyeWitness + - Sublist3r + - Subfinder + - Findomain + - Aquatone (Ruby and Go versions) + - AltDNS + - MassDNS + - Nmap + - Dnsdumpster +- Subdomain take over + - tko-subs + - HostileSubBruteForcer + - SubOver -## Enumerate all subdomains (only if the scope is *.domain.ext) +## Enumerate all subdomains (only if the scope is -.domain.ext) ### Using Subbrute @@ -54,12 +54,12 @@ You need to include subdomains ;) https://www.google.com/transparencyreport/https/ct/?hl=en-US#domain=[DOMAIN]g&incl_exp=true&incl_sub=true ```bash -site:*.domain.com -www +site:-.domain.com -www site:domain.com filetype:pdf site:domain.com inurl:'&' site:domain.com inurl:login,register,upload,logout,redirect,redir,goto,admin site:domain.com ext:php,asp,aspx,jsp,jspa,txt,swf -site:*.*.domain.com +site:-.-.domain.com ``` ### Using Sublist3r @@ -199,5 +199,5 @@ go get github.com/Ice3man543/SubOver ## References -* [Subdomain Takeover: Proof Creation for Bug Bounties - Patrik Hudak](https://0xpatrik.com/takeover-proofs/) -* [Subdomain Takeover: Basics - Patrik Hudak](https://0xpatrik.com/subdomain-takeover-basics/) +- [Subdomain Takeover: Proof Creation for Bug Bounties - Patrik Hudak](https://0xpatrik.com/takeover-proofs/) +- [Subdomain Takeover: Basics - Patrik Hudak](https://0xpatrik.com/subdomain-takeover-basics/) 
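Review bot: In Subdomains Enumeration.md the `*` to `-` list-marker conversion has also rewritten asterisks that are content, not bullets. The heading now reads `(only if the scope is -.domain.ext)` and the Google dork block contains `site:-.domain.com -www` and `site:-.-.domain.com`. In a search query a leading `-` is the exclusion operator, so these lines no longer express a wildcard subdomain match, and the scope pattern in the heading is no longer a wildcard either. Restore `*.domain.ext`, `site:*.domain.com -www` and `site:*.*.domain.com`, and limit the marker replacement to line-leading bullets outside fenced code blocks. The heading change is also likely to alter the generated anchor that the TOC entry `#enumerate-all-subdomains-only-if-the-scope-is-domainext` points to, so check that link after reverting.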
diff --git a/Methodology and Resources/Vulnerability Reports.md b/Methodology and Resources/Vulnerability Reports.md index edd7db7..a385347 100644 --- a/Methodology and Resources/Vulnerability Reports.md +++ b/Methodology and Resources/Vulnerability Reports.md @@ -2,8 +2,8 @@ :warning: Content of this page has been moved to [InternalAllTheThings/methodology/vulnerability-reports](https://swisskyrepo.github.io/InternalAllTheThings/methodology/vulnerability-reports/) -* [Tools](https://swisskyrepo.github.io/InternalAllTheThings/methodology/vulnerability-reports/#tools) -* [Vulnerability Report Structure](https://swisskyrepo.github.io/InternalAllTheThings/methodology/vulnerability-reports/#vulnerability-report-structure) -* [Vulnerability Details Structure](https://swisskyrepo.github.io/InternalAllTheThings/methodology/vulnerability-reports/#vulnerability-details-structure) -* [General Guidelines](https://swisskyrepo.github.io/InternalAllTheThings/methodology/vulnerability-reports/#general-guidelines) -* [References](https://swisskyrepo.github.io/InternalAllTheThings/methodology/vulnerability-reports/#references) \ No newline at end of file +- [Tools](https://swisskyrepo.github.io/InternalAllTheThings/methodology/vulnerability-reports/#tools) +- [Vulnerability Report Structure](https://swisskyrepo.github.io/InternalAllTheThings/methodology/vulnerability-reports/#vulnerability-report-structure) +- [Vulnerability Details Structure](https://swisskyrepo.github.io/InternalAllTheThings/methodology/vulnerability-reports/#vulnerability-details-structure) +- [General Guidelines](https://swisskyrepo.github.io/InternalAllTheThings/methodology/vulnerability-reports/#general-guidelines) +- [References](https://swisskyrepo.github.io/InternalAllTheThings/methodology/vulnerability-reports/#references) \ No newline at end of file diff --git a/Methodology and Resources/Windows - AMSI Bypass.md b/Methodology and Resources/Windows - AMSI Bypass.md index ac9676b..c58776d 100644 
--- a/Methodology and Resources/Windows - AMSI Bypass.md +++ b/Methodology and Resources/Windows - AMSI Bypass.md 
@@ -2,20 +2,20 @@ :warning: Content of this page has been moved to [InternalAllTheThings/redteam/evasion/windows-amsi-bypass](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/) -* [List AMSI Providers](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#list-amsi-providers) -* [Which Endpoint Protection is Using AMSI](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#which-endpoint-protection-is-using-amsi) -* [Patching amsi.dll AmsiScanBuffer by rasta-mouse](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Patching-amsi.dll-AmsiScanBuffer-by-rasta-mouse) -* [Dont use net webclient](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Dont-use-net-webclient) -* [Amsi ScanBuffer Patch from -> https://www.contextis.com/de/blog/amsi-bypass](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Amsi-ScanBuffer-Patch) -* [Forcing an error](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Forcing-an-error) -* [Disable Script Logging](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Disable-Script-Logging) -* [Amsi Buffer Patch - In memory](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Amsi-Buffer-Patch---In-memory) -* [Same as 6 but integer Bytes instead of Base64](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Same-as-6-but-integer-Bytes-instead-of-Base64) -* [Using Matt Graeber's Reflection method](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Using-Matt-Graebers-Reflection-method) -* [Using Matt Graeber's Reflection method with WMF5 autologging 
bypass](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Using-Matt-Graebers-Reflection-method-with-WMF5-autologging-bypass) -* [Using Matt Graeber's second Reflection method](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Using-Matt-Graebers-second-Reflection-method) -* [Using Cornelis de Plaa's DLL hijack method](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Using-Cornelis-de-Plaas-DLL-hijack-method") -* [Use Powershell Version 2 - No AMSI Support there](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Using-PowerShell-version-2) -* [Nishang all in one](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Nishang-all-in-one) -* [Adam Chesters Patch](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Adam-Chester-Patch) -* [AMSI.fail](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#amsifail) \ No newline at end of file +- [List AMSI Providers](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#list-amsi-providers) +- [Which Endpoint Protection is Using AMSI](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#which-endpoint-protection-is-using-amsi) +- [Patching amsi.dll AmsiScanBuffer by rasta-mouse](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Patching-amsi.dll-AmsiScanBuffer-by-rasta-mouse) +- [Dont use net webclient](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Dont-use-net-webclient) +- [Amsi ScanBuffer Patch from -> https://www.contextis.com/de/blog/amsi-bypass](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Amsi-ScanBuffer-Patch) +- [Forcing an 
error](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Forcing-an-error) +- [Disable Script Logging](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Disable-Script-Logging) +- [Amsi Buffer Patch - In memory](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Amsi-Buffer-Patch---In-memory) +- [Same as 6 but integer Bytes instead of Base64](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Same-as-6-but-integer-Bytes-instead-of-Base64) +- [Using Matt Graeber's Reflection method](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Using-Matt-Graebers-Reflection-method) +- [Using Matt Graeber's Reflection method with WMF5 autologging bypass](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Using-Matt-Graebers-Reflection-method-with-WMF5-autologging-bypass) +- [Using Matt Graeber's second Reflection method](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Using-Matt-Graebers-second-Reflection-method) +- [Using Cornelis de Plaa's DLL hijack method](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Using-Cornelis-de-Plaas-DLL-hijack-method") +- [Use Powershell Version 2 - No AMSI Support there](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Using-PowerShell-version-2) +- [Nishang all in one](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Nishang-all-in-one) +- [Adam Chesters Patch](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#Adam-Chester-Patch) +- [AMSI.fail](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-amsi-bypass/#amsifail) \ No newline at end of file 
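Review bot: The re-added `Using Cornelis de Plaa's DLL hijack method` entry in Windows - AMSI Bypass.md still carries a stray double quote inside the link target (`#Using-Cornelis-de-Plaas-DLL-hijack-method")`), so the fragment will not resolve. Drop the `"` while the line is being touched. The fragments in this list also mix casing (`#list-amsi-providers` and `#amsifail` versus `#Patching-amsi.dll-AmsiScanBuffer-by-rasta-mouse` and `#Forcing-an-error`), while the other files in this patch use lowercase slugs, so it is worth checking each of these against the headings on the destination page.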
diff --git a/Methodology and Resources/Windows - DPAPI.md b/Methodology and Resources/Windows - DPAPI.md index 89ea56d..41a4c16 100644 --- a/Methodology and Resources/Windows - DPAPI.md +++ b/Methodology and Resources/Windows - DPAPI.md 
@@ -2,8 +2,8 @@ :warning: Content of this page has been moved to [InternalAllTheThings/redteam/evasion/windows-dpapi](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-dpapi/) -* [List Credential Files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-dpapi/#list-credential-files) -* [DPAPI LocalMachine Context](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-dpapi/#dpapi-localmachine-context) -* [Mimikatz - Credential Manager & DPAPI](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-dpapi/#mimikatz---credential-manager--dpapi) -* [Hekatomb - Steal all credentials on domain](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-dpapi/#hekatomb---steal-all-credentials-on-domain) -* [DonPAPI - Dumping DPAPI credz remotely](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-dpapi/#donpapi---dumping-dpapi-credz-remotely) \ No newline at end of file +- [List Credential Files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-dpapi/#list-credential-files) +- [DPAPI LocalMachine Context](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-dpapi/#dpapi-localmachine-context) +- [Mimikatz - Credential Manager & DPAPI](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-dpapi/#mimikatz---credential-manager--dpapi) +- [Hekatomb - Steal all credentials on domain](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-dpapi/#hekatomb---steal-all-credentials-on-domain) +- [DonPAPI - Dumping DPAPI credz remotely](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-dpapi/#donpapi---dumping-dpapi-credz-remotely) \ No newline at end of file diff --git a/Methodology and Resources/Windows - Defenses.md b/Methodology and Resources/Windows - Defenses.md index 7ba5115..8eb234d 100644 
--- a/Methodology and Resources/Windows - Defenses.md +++ b/Methodology and Resources/Windows - Defenses.md 
@@ -2,18 +2,18 @@ :warning: Content of this page has been moved to [InternalAllTheThings/redteam/evasion/windows-defenses](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/) -* [AppLocker](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#applocker) -* [User Account Control](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#user-account-control) -* [DPAPI](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#dpapi) -* [Powershell](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#powershell) - * [Anti Malware Scan Interface](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#anti-malware-scan-interface) - * [Just Enough Administration](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#just-enough-administration) - * [Contrained Language Mode](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#constrained-language-mode) - * [Script Block Logging](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#script-block-logging) -* [Protected Process Light](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#protected-process-light) -* [Credential Guard](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#credential-guard) -* [Event Tracing for Windows](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#event-tracing-for-windows) -* [Windows Defender Antivirus](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#windows-defender-antivirus) -* [Windows Defender Application Control](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#windows-defender-application-control) -* [Windows Defender 
Firewall](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#windows-defender-firewall) -* [Windows Information Protection](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#windows-information-protection) \ No newline at end of file +- [AppLocker](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#applocker) +- [User Account Control](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#user-account-control) +- [DPAPI](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#dpapi) +- [Powershell](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#powershell) + - [Anti Malware Scan Interface](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#anti-malware-scan-interface) + - [Just Enough Administration](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#just-enough-administration) + - [Contrained Language Mode](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#constrained-language-mode) + - [Script Block Logging](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#script-block-logging) +- [Protected Process Light](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#protected-process-light) +- [Credential Guard](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#credential-guard) +- [Event Tracing for Windows](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#event-tracing-for-windows) +- [Windows Defender Antivirus](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#windows-defender-antivirus) +- [Windows Defender Application 
Control](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#windows-defender-application-control) +- [Windows Defender Firewall](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#windows-defender-firewall) +- [Windows Information Protection](https://swisskyrepo.github.io/InternalAllTheThings/redteam/evasion/windows-defenses/#windows-information-protection) \ No newline at end of file diff --git a/Methodology and Resources/Windows - Download and Execute.md b/Methodology and Resources/Windows - Download and Execute.md index 13eac6f..5fb9bd9 100644 --- a/Methodology and Resources/Windows - Download and Execute.md +++ b/Methodology and Resources/Windows - Download and Execute.md 
@@ -2,16 +2,16 @@ :warning: Content of this page has been moved to [InternalAllTheThings/redteam/access/windows-download-execute](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/) -* [Downloaded files location](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#downloaded-files-location) -* [Powershell](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#powershell) -* [Cmd](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#cmd) -* [Cscript / Wscript](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#cscript-wscript) -* [Mshta](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#mshta) -* [Rundll32](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#rundll32) -* [Regasm / Regsvc](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#regasm-regsvc-subtee) -* [Regsvr32](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#regsvr32) -* [Odbcconf](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#odbcconf) -* [Msbuild](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#msbuild) -* [Certutil](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#certutil) -* [Bitsadmin](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#bitsadmin) -* [References](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#references) \ No newline at end of file +- [Downloaded files location](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#downloaded-files-location) +- 
[Powershell](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#powershell) +- [Cmd](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#cmd) +- [Cscript / Wscript](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#cscript-wscript) +- [Mshta](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#mshta) +- [Rundll32](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#rundll32) +- [Regasm / Regsvc](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#regasm-regsvc-subtee) +- [Regsvr32](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#regsvr32) +- [Odbcconf](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#odbcconf) +- [Msbuild](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#msbuild) +- [Certutil](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#certutil) +- [Bitsadmin](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#bitsadmin) +- [References](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-download-execute/#references) \ No newline at end of file diff --git a/Methodology and Resources/Windows - Mimikatz.md b/Methodology and Resources/Windows - Mimikatz.md index c73ae05..c8028ed 100644 --- a/Methodology and Resources/Windows - Mimikatz.md +++ b/Methodology and Resources/Windows - Mimikatz.md 
@@ -2,19 +2,19 @@ :warning: Content of this page has been moved to [InternalAllTheThings/cheatsheets/mimikatz](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/) -* [Execute commands](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#execute-commands) -* [Extract passwords](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#extract-passwords) -* [LSA Protection Workaround](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#lsa-protection-workaround) -* [Mini Dump](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#mini-dump) -* [Pass The Hash](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#pass-the-hash) -* [Golden ticket](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#golden-ticket) -* [Skeleton key](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#skeleton-key) -* [RDP Session Takeover](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#rdp-session-takeover) -* [RDP Passwords](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#rdp-passwords) -* [Credential Manager & DPAPI](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#credential-manager--dpapi) - * [Chrome Cookies & Credential](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#chrome-cookies--credential) - * [Task Scheduled credentials](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#task-scheduled-credentials) - * [Vault](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#vault) -* [Commands list](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#commands-list) -* [Powershell 
version](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#powershell-version) -* [References](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#references) \ No newline at end of file +- [Execute commands](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#execute-commands) +- [Extract passwords](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#extract-passwords) +- [LSA Protection Workaround](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#lsa-protection-workaround) +- [Mini Dump](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#mini-dump) +- [Pass The Hash](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#pass-the-hash) +- [Golden ticket](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#golden-ticket) +- [Skeleton key](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#skeleton-key) +- [RDP Session Takeover](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#rdp-session-takeover) +- [RDP Passwords](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#rdp-passwords) +- [Credential Manager & DPAPI](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#credential-manager--dpapi) + - [Chrome Cookies & Credential](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#chrome-cookies--credential) + - [Task Scheduled credentials](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#task-scheduled-credentials) + - [Vault](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#vault) +- [Commands 
list](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#commands-list) +- [Powershell version](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#powershell-version) +- [References](https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/mimikatz-cheatsheet/#references) \ No newline at end of file diff --git a/Methodology and Resources/Windows - Persistence.md b/Methodology and Resources/Windows - Persistence.md index b6332c7..40ef946 100644 --- a/Methodology and Resources/Windows - Persistence.md +++ b/Methodology and Resources/Windows - Persistence.md 
@@ -2,39 +2,39 @@ :warning: Content of this page has been moved to [InternalAllTheThings/redteam/persistence/windows](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/) -* [Tools](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#tools) -* [Hide Your Binary](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#hide-your-binary) -* [Disable Antivirus and Security](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#disable-antivirus-and-security) - * [Antivirus Removal](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#antivirus-removal) - * [Disable Windows Defender](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#disable-windows-defender) - * [Disable Windows Firewall](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#disable-windows-firewall) - * [Clear System and Security Logs](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#clear-system-and-security-logs) -* [Simple User](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#simple-user) - * [Registry HKCU](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#registry-hkcu) - * [Startup](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#startup) - * [Scheduled Tasks User](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#scheduled-tasks-user) - * [BITS Jobs](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#bits-jobs) -* [Serviceland](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#serviceland) - * 
[IIS](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#iis) - * [Windows Service](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#windows-service) -* [Elevated](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#elevated) - * [Registry HKLM](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#registry-hklm) - * [Winlogon Helper DLL](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#) - * [GlobalFlag](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#) - * [Startup Elevated](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#startup-elevated) - * [Services Elevated](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#services-elevated) - * [Scheduled Tasks Elevated](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#scheduled-tasks-elevated) - * [Binary Replacement](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#binary-replacement) - * [Binary Replacement on Windows XP+](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#binary-replacement-on-windows-xp) - * [Binary Replacement on Windows 10+](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#binary-replacement-on-windows-10) - * [RDP Backdoor](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#rdp-backdoor) - * [utilman.exe](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#utilman.exe) - * [sethc.exe](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#sethc.exe) - * [Remote Desktop Services 
Shadowing](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#remote-desktop-services-shadowing) - * [Skeleton Key](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#skeleton-key) - * [Virtual Machines](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#virtual-machines) - * [Windows Subsystem for Linux](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#windows-subsystem-for-linux) -* [Domain](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#domain) - * [Golden Certificate](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#golden-certificate) - * [Golden Ticket](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#golden-ticket) -* [References](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#references) \ No newline at end of file +- [Tools](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#tools) +- [Hide Your Binary](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#hide-your-binary) +- [Disable Antivirus and Security](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#disable-antivirus-and-security) + - [Antivirus Removal](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#antivirus-removal) + - [Disable Windows Defender](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#disable-windows-defender) + - [Disable Windows Firewall](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#disable-windows-firewall) + - [Clear System and Security 
Logs](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#clear-system-and-security-logs) +- [Simple User](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#simple-user) + - [Registry HKCU](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#registry-hkcu) + - [Startup](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#startup) + - [Scheduled Tasks User](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#scheduled-tasks-user) + - [BITS Jobs](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#bits-jobs) +- [Serviceland](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#serviceland) + - [IIS](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#iis) + - [Windows Service](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#windows-service) +- [Elevated](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#elevated) + - [Registry HKLM](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#registry-hklm) + - [Winlogon Helper DLL](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#) + - [GlobalFlag](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#) + - [Startup Elevated](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#startup-elevated) + - [Services Elevated](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#services-elevated) + - [Scheduled Tasks 
Elevated](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#scheduled-tasks-elevated) + - [Binary Replacement](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#binary-replacement) + - [Binary Replacement on Windows XP+](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#binary-replacement-on-windows-xp) + - [Binary Replacement on Windows 10+](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#binary-replacement-on-windows-10) + - [RDP Backdoor](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#rdp-backdoor) + - [utilman.exe](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#utilman.exe) + - [sethc.exe](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#sethc.exe) + - [Remote Desktop Services Shadowing](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#remote-desktop-services-shadowing) + - [Skeleton Key](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#skeleton-key) + - [Virtual Machines](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#virtual-machines) + - [Windows Subsystem for Linux](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#windows-subsystem-for-linux) +- [Domain](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#domain) + - [Golden Certificate](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#golden-certificate) + - [Golden Ticket](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#golden-ticket) +- 
[References](https://swisskyrepo.github.io/InternalAllTheThings/redteam/persistence/windows-persistence/#references) \ No newline at end of file diff --git a/Methodology and Resources/Windows - Privilege Escalation.md b/Methodology and Resources/Windows - Privilege Escalation.md index f05529d..8d1169b 100644 --- a/Methodology and Resources/Windows - Privilege Escalation.md +++ b/Methodology and Resources/Windows - Privilege Escalation.md 
@@ -2,67 +2,67 @@ :warning: Content of this page has been moved to [InternalAllTheThings/redteam/escalation/windows-privilege-escalation](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/) -* [Tools](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#tools) -* [Windows Version and Configuration](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#windows-version-and-configuration) -* [User Enumeration](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#user-enumeration) -* [Network Enumeration](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#network-enumeration) -* [Antivirus Enumeration](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#antivirus-enumeration) -* [Default Writeable Folders](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#default-writeable-folders) -* [EoP - Looting for passwords](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---looting-for-passwords) - * [SAM and SYSTEM files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#sam-and-system-files) - * [HiveNightmare](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#hivenightmare) - * [LAPS Settings](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#laps-settings) - * [Search for file contents](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#search-for-file-contents) - * [Search for a file with a certain 
filename](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#search-for-a-file-with-a-certain-filename) - * [Search the registry for key names and passwords](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#search-the-registry-for-key-names-and-passwords) - * [Passwords in unattend.xml](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#passwords-in-unattendxml) - * [Wifi passwords](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#wifi-passwords) - * [Sticky Notes passwords](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#sticky-notes-passwords) - * [Passwords stored in services](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#passwords-stored-in-services) - * [Passwords stored in Key Manager](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#passwords-stored-in-key-manager) - * [Powershell History](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#powershell-history) - * [Powershell Transcript](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#powershell-transcript) - * [Password in Alternate Data Stream](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#password-in-alternate-data-stream) -* [EoP - Processes Enumeration and Tasks](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---processes-enumeration-and-tasks) -* [EoP - Incorrect permissions in services](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---incorrect-permissions-in-services) -* [EoP - Windows 
Subsystem for Linux (WSL)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---windows-subsystem-for-linux-wsl) -* [EoP - Unquoted Service Paths](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---unquoted-service-paths) -* [EoP - $PATH Interception](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---path-interception) -* [EoP - Named Pipes](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---named-pipes) -* [EoP - Kernel Exploitation](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---kernel-exploitation) -* [EoP - Microsoft Windows Installer](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---microsoft-windows-installer) - * [AlwaysInstallElevated](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#alwaysinstallelevated) - * [CustomActions](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#customactions) -* [EoP - Insecure GUI apps](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---insecure-gui-apps) -* [EoP - Evaluating Vulnerable Drivers](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---evaluating-vulnerable-drivers) -* [EoP - Printers](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---printers) - * [Universal Printer](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#universal-printer) - * [Bring Your Own 
Vulnerability](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#bring-your-own-vulnerability) -* [EoP - Runas](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---runas) -* [EoP - Abusing Shadow Copies](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---abusing-shadow-copies) -* [EoP - From local administrator to NT SYSTEM](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---from-local-administrator-to-nt-system) -* [EoP - Living Off The Land Binaries and Scripts](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---living-off-the-land-binaries-and-scripts) -* [EoP - Impersonation Privileges](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---impersonation-privileges) - * [Restore A Service Account's Privileges](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#restore-a-service-accounts-privileges) - * [Meterpreter getsystem and alternatives](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#meterpreter-getsystem-and-alternatives) - * [RottenPotato (Token Impersonation)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#rottenpotato-token-impersonation) - * [Juicy Potato (Abusing the golden privileges)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#juicy-potato-abusing-the-golden-privileges) - * [Rogue Potato (Fake OXID Resolver)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#rogue-potato-fake-oxid-resolver)) - * [EFSPotato (MS-EFSR 
EfsRpcOpenFileRaw)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#efspotato-ms-efsr-efsrpcopenfileraw)) - * [PrintSpoofer (Printer Bug)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#PrintSpoofer-Printer-Bug))) -* [EoP - Privileged File Write](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---privileged-file-write) - * [DiagHub](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#diaghub) - * [UsoDLLLoader](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#usodllloader) - * [WerTrigger](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#wertrigger) - * [WerMgr](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#wermgr) -* [EoP - Privileged File Delete](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---privileged-file-delete) -* [EoP - Common Vulnerabilities and Exposures](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---common-vulnerabilities-and-exposure) - * [MS08-067 (NetAPI)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#ms08-067-netapi) - * [MS10-015 (KiTrap0D)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#ms10-015-kitrap0d---microsoft-windows-nt2000--2003--2008--xp--vista--7) - * [MS11-080 (adf.sys)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#ms11-080-afd.sys---microsoft-windows-xp-2003) - * [MS15-051 (Client Copy 
Image)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#ms15-051---microsoft-windows-2003--2008--7--8--2012) - * [MS16-032](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#ms16-032---microsoft-windows-7--10--2008--2012-r2-x86x64) - * [MS17-010 (Eternal Blue)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#ms17-010-eternal-blue) - * [CVE-2019-1388](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#cve-2019-1388) -* [EoP - $PATH Interception](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---path-interception) -* [References](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#references) \ No newline at end of file +- [Tools](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#tools) +- [Windows Version and Configuration](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#windows-version-and-configuration) +- [User Enumeration](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#user-enumeration) +- [Network Enumeration](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#network-enumeration) +- [Antivirus Enumeration](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#antivirus-enumeration) +- [Default Writeable Folders](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#default-writeable-folders) +- [EoP - Looting for passwords](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---looting-for-passwords) + - [SAM and 
SYSTEM files](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#sam-and-system-files) + - [HiveNightmare](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#hivenightmare) + - [LAPS Settings](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#laps-settings) + - [Search for file contents](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#search-for-file-contents) + - [Search for a file with a certain filename](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#search-for-a-file-with-a-certain-filename) + - [Search the registry for key names and passwords](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#search-the-registry-for-key-names-and-passwords) + - [Passwords in unattend.xml](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#passwords-in-unattendxml) + - [Wifi passwords](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#wifi-passwords) + - [Sticky Notes passwords](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#sticky-notes-passwords) + - [Passwords stored in services](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#passwords-stored-in-services) + - [Passwords stored in Key Manager](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#passwords-stored-in-key-manager) + - [Powershell History](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#powershell-history) + - [Powershell 
Transcript](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#powershell-transcript) + - [Password in Alternate Data Stream](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#password-in-alternate-data-stream) +- [EoP - Processes Enumeration and Tasks](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---processes-enumeration-and-tasks) +- [EoP - Incorrect permissions in services](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---incorrect-permissions-in-services) +- [EoP - Windows Subsystem for Linux (WSL)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---windows-subsystem-for-linux-wsl) +- [EoP - Unquoted Service Paths](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---unquoted-service-paths) +- [EoP - $PATH Interception](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---path-interception) +- [EoP - Named Pipes](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---named-pipes) +- [EoP - Kernel Exploitation](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---kernel-exploitation) +- [EoP - Microsoft Windows Installer](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---microsoft-windows-installer) + - [AlwaysInstallElevated](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#alwaysinstallelevated) + - [CustomActions](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#customactions) +- [EoP - Insecure GUI 
apps](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---insecure-gui-apps) +- [EoP - Evaluating Vulnerable Drivers](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---evaluating-vulnerable-drivers) +- [EoP - Printers](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---printers) + - [Universal Printer](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#universal-printer) + - [Bring Your Own Vulnerability](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#bring-your-own-vulnerability) +- [EoP - Runas](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---runas) +- [EoP - Abusing Shadow Copies](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---abusing-shadow-copies) +- [EoP - From local administrator to NT SYSTEM](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---from-local-administrator-to-nt-system) +- [EoP - Living Off The Land Binaries and Scripts](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---living-off-the-land-binaries-and-scripts) +- [EoP - Impersonation Privileges](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---impersonation-privileges) + - [Restore A Service Account's Privileges](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#restore-a-service-accounts-privileges) + - [Meterpreter getsystem and alternatives](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#meterpreter-getsystem-and-alternatives) + - [RottenPotato 
(Token Impersonation)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#rottenpotato-token-impersonation) + - [Juicy Potato (Abusing the golden privileges)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#juicy-potato-abusing-the-golden-privileges) + - [Rogue Potato (Fake OXID Resolver)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#rogue-potato-fake-oxid-resolver)) + - [EFSPotato (MS-EFSR EfsRpcOpenFileRaw)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#efspotato-ms-efsr-efsrpcopenfileraw)) + - [PrintSpoofer (Printer Bug)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#PrintSpoofer-Printer-Bug))) +- [EoP - Privileged File Write](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---privileged-file-write) + - [DiagHub](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#diaghub) + - [UsoDLLLoader](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#usodllloader) + - [WerTrigger](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#wertrigger) + - [WerMgr](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#wermgr) +- [EoP - Privileged File Delete](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---privileged-file-delete) +- [EoP - Common Vulnerabilities and Exposures](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---common-vulnerabilities-and-exposure) + - [MS08-067 
(NetAPI)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#ms08-067-netapi) + - [MS10-015 (KiTrap0D)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#ms10-015-kitrap0d---microsoft-windows-nt2000--2003--2008--xp--vista--7) + - [MS11-080 (adf.sys)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#ms11-080-afd.sys---microsoft-windows-xp-2003) + - [MS15-051 (Client Copy Image)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#ms15-051---microsoft-windows-2003--2008--7--8--2012) + - [MS16-032](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#ms16-032---microsoft-windows-7--10--2008--2012-r2-x86x64) + - [MS17-010 (Eternal Blue)](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#ms17-010-eternal-blue) + - [CVE-2019-1388](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#cve-2019-1388) +- [EoP - $PATH Interception](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#eop---path-interception) +- [References](https://swisskyrepo.github.io/InternalAllTheThings/redteam/escalation/windows-privilege-escalation/#references) \ No newline at end of file diff --git a/Methodology and Resources/Windows - Using credentials.md b/Methodology and Resources/Windows - Using credentials.md index 6b1cc2b..65e135b 100644 --- a/Methodology and Resources/Windows - Using credentials.md +++ b/Methodology and Resources/Windows - Using credentials.md 
@@ -2,27 +2,27 @@ :warning: Content of this page has been moved to [InternalAllTheThings/redteam/access/windows-using-credentials](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/) -* [Get credentials](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#get-credentials) - * [Create your credential](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#create-your-credential) - * [Guest Credential](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#guest-credential) - * [Retail Credential](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#retail-credential) - * [Sandbox Credential](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#sandbox-credential) -* [NetExec](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#netexec) -* [Impacket](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#impacket) - * [PSExec](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#psexec) - * [WMIExec](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#wmiexec) - * [SMBExec](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#smbexec) +- [Get credentials](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#get-credentials) + - [Create your credential](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#create-your-credential) + - [Guest Credential](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#guest-credential) + - [Retail 
Credential](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#retail-credential) + - [Sandbox Credential](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#sandbox-credential) +- [NetExec](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#netexec) +- [Impacket](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#impacket) + - [PSExec](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#psexec) + - [WMIExec](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#wmiexec) + - [SMBExec](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#smbexec) -* [RDP Remote Desktop Protocol](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#rdp-remote-desktop-protocol) -* [Powershell Remoting Protocol](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#powershell-remoting-protocol) - * [Powershell Credentials](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#powershell-credentials) - * [Powershell PSSESSION](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#powershell-pssession) - * [Powershell Secure String](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#powershell-secure-strings) -* [SSH Protocol](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#ssh-protocol) -* [WinRM Protocol](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#winrm-protocol) -* [WMI Protocol](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#wmi-protocol) +- [RDP Remote Desktop 
Protocol](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#rdp-remote-desktop-protocol) +- [Powershell Remoting Protocol](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#powershell-remoting-protocol) + - [Powershell Credentials](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#powershell-credentials) + - [Powershell PSSESSION](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#powershell-pssession) + - [Powershell Secure String](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#powershell-secure-strings) +- [SSH Protocol](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#ssh-protocol) +- [WinRM Protocol](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#winrm-protocol) +- [WMI Protocol](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#wmi-protocol) -* [Other methods](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#other-methods) - * [PsExec - Sysinternal](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#psexec-sysinternal) - * [Mount a remote share](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#mount-a-remote-share) - * [Run as another user](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#run-as-another-user) \ No newline at end of file +- [Other methods](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#other-methods) + - [PsExec - Sysinternal](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#psexec-sysinternal) + - [Mount a remote 
share](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#mount-a-remote-share) + - [Run as another user](https://swisskyrepo.github.io/InternalAllTheThings/redteam/access/windows-using-credentials/#run-as-another-user) \ No newline at end of file
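Review bot: In the hunk that rewrites the windows-privilege-escalation link list, three added entries under "EoP - Impersonation Privileges" end with stray closing parentheses that will render as literal text after the link: "Rogue Potato (Fake OXID Resolver)" and "EFSPotato (MS-EFSR EfsRpcOpenFileRaw)" end in `))`, and "PrintSpoofer (Printer Bug)" ends in `)))`. Since every one of these lines is being touched anyway, trim each to a single `)`. The PrintSpoofer fragment `#PrintSpoofer-Printer-Bug` is also the only mixed-case anchor in the list, so it is worth checking that it resolves on the target page. Two smaller points in the same hunk: "EoP - $PATH Interception" is added twice (once after "Unquoted Service Paths" and again just before "References"), and the label "MS11-080 (adf.sys)" disagrees with its own fragment, which spells the driver `afd.sys`. The new side still carries `\ No newline at end of file`; add the trailing newline while reformatting.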
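Review bot: In the `@@ -2,27 +2,27 @@` hunk of "Windows - Using credentials.md", the link text "Powershell Secure String" does not match its fragment `#powershell-secure-strings`; the mismatch is copied unchanged from the removed `*` line, and a marker-only reformat is a good moment to make the label plural so it matches the target heading. The last line, "Run as another user", is marked `\ No newline at end of file` on both the removed and the added side, so the file still ends without a newline after this change; terminate the final line so later diffs against this list stay clean.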