Swissky
bcb24c9866
Abusing Active Directory ACLs/ACEs
2019-12-30 14:22:10 +01:00
Swissky
4b10c5e302
AD mitigations
2019-12-26 12:09:23 +01:00
Swissky
1535c5f1b3
Kubernetes - Privileged Service Account Token
2019-12-20 11:33:25 +01:00
Swissky
cf5a4b6e97
XSLT injection draft
2019-12-17 21:13:59 +01:00
Swissky
896e262531
Privilege impersonation and GraphQL SQLi
2019-12-11 16:59:14 +01:00
Swissky
6f4a28ef66
Slim RCE + CAP list
2019-12-05 23:06:53 +01:00
Swissky
c60f264664
RDP backdoor + RDP session takeover
2019-11-26 23:39:14 +01:00
Swissky
06864b0ff8
Password spraying rewrite + Summary fix
2019-11-25 23:35:20 +01:00
Swissky
3abaa3e23d
Linux AD - Keyring, Keytab, CCACHE
2019-11-25 23:12:06 +01:00
Swissky
00684a10cd
IIS asp shell with .asa, .cer, .xamlx
2019-11-16 14:53:42 +01:00
Swissky
639dc9faec
.url file in writeable share
2019-11-14 23:54:57 +01:00
Swissky
3a384c34aa
Password spray + AD summary re-org
2019-11-14 23:37:51 +01:00
Swissky
7f266bfda8
mitm ipv6 + macOS kerberoasting
2019-11-14 23:26:13 +01:00
M4x
221b353030
fix invalid link
2019-11-14 16:59:52 +08:00
Swissky
43f185d289
CVE-2019-1322 UsoSvc
2019-11-11 20:31:07 +01:00
Swissky
f6d5221a85
SID history break trust + Powershell history + SCF files
2019-11-07 23:21:00 +01:00
Swissky
24516ca7a1
Kubernetes attacks update + ref to securityboulevard
2019-11-05 11:05:59 +01:00
Swissky
60050219b7
Impersonating Office 365 Users on Azure AD Connect
2019-11-04 21:43:44 +01:00
Dave
775d10c256
Fix awk snippet
...
A small typo in the awk one-liner prevents successful execution of the command.
```
awk: cmd. line:1: warning: remote host and port information (10.0.0.1>, 4242) invalid: Name or service not known
awk: cmd. line:1: fatal: can't open two way pipe `/inet/tcp/0/10.0.0.1>/4242' for input/output (No such file or directory)
```
This commit fixes this :)
2019-11-03 16:07:16 +00:00
Dave
6b22d53257
Fix lua reverse shell quote issue
...
The single quotes around `io.popen` prevented the one-liner to be executed.
This change should fix that :)
2019-10-29 19:31:07 +00:00
Hi15358
34d8853728
Merge pull request #1 from Hi15358/patch-1
...
Patch 1
2019-10-29 16:30:58 +08:00
Swissky
727eb5cabd
Drop the MIC
2019-10-21 23:00:27 +02:00
Swissky
11fc6e4bc5
NTLM relay + MS08-068
2019-10-20 22:09:36 +02:00
Hi15358
b54142c3a2
Update Reverse Shell Cheatsheet.md
2019-10-21 02:35:13 +08:00
Swissky
ed252df92e
krb5.keytab + credential use summary
2019-10-20 13:25:06 +02:00
Swissky
7159a3ded3
RODC dcsync note + Dumping AD Domain summary
2019-10-18 00:07:09 +02:00
OOP
f0af3b4f4d
Update Active Directory Attack.md
2019-10-15 23:18:07 +07:00
Swissky
357658371f
SSRF URL for Google Cloud
2019-10-06 20:59:58 +02:00
Mark
3fb2a9006f
Add Spyse to network discovery
...
1. spyse itself
2. python wrapper - using only a part of the available functionality of spyse, but will be updated very soon.
2019-09-30 15:26:26 +04:00
Swissky
3221197b1e
RCE vBulletin + findomain
2019-09-26 20:41:01 +02:00
Swissky
742e3204d3
SharpPersist - Windows Persistence
2019-09-13 17:38:23 +02:00
Swissky
5455c30ec7
Juicy Potato + XXE update
2019-09-08 19:44:51 +02:00
Swissky
2b1900e046
PrivEsc - sudoers + Upload PHP
2019-09-02 12:36:40 +02:00
Swissky
3ca07aeb7a
Docker Privesc - Unix socket
2019-08-30 17:25:07 +02:00
Alexandre ZANNI
72c54b5c1b
add missing backtick
2019-08-29 09:49:09 +02:00
Swissky
bb305d0183
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
Swissky
6c161f26b2
JWT None alternative + MS15-051
2019-08-22 23:03:48 +02:00
David B
3fd0791c2a
Update Linux - Privilege Escalation.md
...
Adding a tool that helps with privilege escalation on linux through SUDO.
2019-08-19 00:55:30 +02:00
Swissky
8dffb59ac5
Pspy + Silver Ticket + MSSQL connect
2019-08-18 22:24:48 +02:00
Swissky
4a176615fe
CORS Misconfiguration
2019-08-18 12:08:51 +02:00
Swissky
b6697d8595
SSRF SVG + Windows Token getsystem
2019-08-15 18:21:06 +02:00
Swissky
bd449e9cea
XSS PostMessage
2019-08-03 23:22:14 +02:00
Swissky
6baa446144
Directory Traversal CVE 2018 Spring
2019-07-27 13:02:16 +02:00
Swissky
98124178db
EoP - Juicy Potato
2019-07-26 15:29:34 +02:00
Swissky
657823a353
PTH Mitigation + Linux Smart Enumeration
2019-07-26 14:24:58 +02:00
Swissky
f6c0f226af
PXE boot attack
2019-07-25 14:08:32 +02:00
Swissky
859695e2be
Update PrivExchange based on chryzsh blog post
2019-07-24 14:10:58 +02:00
Swissky
a14b3af934
Active Directory - Resource Based Constrained Delegation
2019-07-22 21:45:50 +02:00
Swissky
45af613fd9
Active Directory - Unconstrained delegation
2019-07-17 23:17:35 +02:00
Swissky
13ba72f124
GraphQL + RDP Bruteforce + PostgreSQL RCE
2019-07-01 23:29:29 +02:00
Swissky
46780de750
PostgreSQL rewrite + LFI SSH
2019-06-29 19:23:34 +02:00
Swissky
144b3827ab
MS14-068 + /etc/security/opasswd
2019-06-29 17:55:13 +02:00
Swissky
9be62677b6
Add root user + PHP null byte version
2019-06-24 00:21:39 +02:00
Swissky
9745e67465
HQL Injection + references update
2019-06-16 23:45:52 +02:00
Dan Borges
24a05c7098
Update Windows - Privilege Escalation.md
2019-06-11 11:51:09 -07:00
Swissky
8cec2e0ca3
Linux PrivEsc - Writable files
2019-06-10 11:09:02 +02:00
Swissky
94a60b43d6
Writable /etc/sudoers + Meterpreter autoroute
2019-06-10 11:00:54 +02:00
Swissky
a85fa5af28
Local File Include : rce via mail + kadimus
2019-06-10 00:05:47 +02:00
Swissky
5d4f65720a
PrivEsc - Common Exploits
2019-06-09 20:53:41 +02:00
Swissky
e8cd11f88f
plink + sshuttle : Network Pivoting Techniques
2019-06-09 18:13:15 +02:00
Swissky
adcea1a913
Linux PrivEsc + SSH persistency
2019-06-09 16:05:44 +02:00
Swissky
f5a8a6b62f
Meterpreter shell
2019-06-09 14:26:14 +02:00
Swissky
93f6c03b54
GraphQL + LXD/etc/passwd PrivEsc + Win firewall
2019-06-09 13:46:40 +02:00
Swissky
f88da43e1c
SQL informationschema.processlist + UPNP warning + getcap -ep
2019-05-25 18:19:08 +02:00
Swissky
9c2e63818f
XSS without parenthesis, semi-colon + Lontara
2019-05-15 21:55:17 +02:00
Swissky
b81df17589
RFI - Windows SMB allow_url_include = "Off"
2019-05-12 22:23:55 +02:00
Swissky
bab04f8587
Masscan + AD password in description + ZSH revshell bugfix + Mimikatz lsass.dmp
2019-05-12 21:34:09 +02:00
Swissky
765c615efe
XSS injection Summary + MSF web delivery
2019-05-12 14:22:48 +02:00
Swissky
9dfd7835ea
mitm6 + ntlmrelayx
2019-04-21 14:08:18 +02:00
Swissky
13864bde04
GoGitDumper + MySQL summary rewrite
2019-04-15 00:49:56 +02:00
Swissky
b4633bbb66
sudo_inject + SSTI FreeMarker + Lin PrivEsc passwords
2019-04-14 21:01:14 +02:00
Swissky
c66197903f
MYSQL Truncation attack + Windows search where
2019-04-14 19:46:34 +02:00
Swissky
546ecd0e36
Linux Privesc - /etc/passwd writable
2019-04-07 23:40:36 +02:00
Alex Zeecka
4b79b865c9
--dc-ip to -dc-ip for psexec cmd
2019-04-03 10:45:45 +02:00
Swissky
187762fac5
Fix typo in reverse shell
2019-04-02 22:45:08 +02:00
Swissky
3af87ddf98
Reverse shell summary + golang
2019-04-02 22:43:44 +02:00
kisec
1eb57ad919
Reverse shell Golang
2019-04-01 12:01:45 +09:00
Swissky
289fa8c22b
PrivEsc - Linux Task
2019-03-31 15:05:13 +02:00
Swissky
90b182f10f
AD references - Blog Post + SSTI basic config item
2019-03-24 16:26:00 +01:00
Swissky
a509909561
PostgreSQL RCE CVE-2019–9193 + ADAPE + WinPrivEsc Resources
2019-03-24 16:00:27 +01:00
Swissky
5d1b8bca79
SAML exploitation + ASREP roasting + Kerbrute
2019-03-24 13:16:23 +01:00
Swissky
e9489f0768
Linux Priv Esc - minor update
2019-03-18 23:19:36 +01:00
Swissky
e5090f2797
Bazaar - version control system
2019-03-15 23:27:14 +01:00
Swissky
ec61e99334
Linux - PrivEsc typo
2019-03-08 20:09:01 +01:00
Swissky
b22fd26800
Linux PrivEsc - LXD Group
2019-03-07 15:27:54 +01:00
Swissky
68df152fd3
Linux PrivEsc - Wildcard/NFS/Sudo
2019-03-07 15:09:06 +01:00
Swissky
404afd1d71
Fix name's capitalization
2019-03-07 00:07:55 +01:00
Swissky
21d1fe7eee
Fix name - Part 1
2019-03-07 00:07:14 +01:00
Swissky
450de2c90f
Typo fix
2019-03-04 19:40:34 +01:00
Swissky
e36b15a6d7
Windows PrivEsc - Table of content update
2019-03-03 20:05:27 +01:00
Swissky
ecadcf3d0f
Windows PrivEsc - Full rewrite
2019-03-03 20:01:25 +01:00
Swissky
2d5b4f2193
Meterpreter generate + LaTeK XSS + Ruby Yaml
2019-03-03 16:31:17 +01:00
Swissky
6d2cd684fa
Web cache deception resources update
2019-03-01 17:49:19 +01:00
Swissky
70225232c9
Polyglot Command Injection + XSS HTML file
2019-02-28 00:36:53 +01:00
Swissky
a58a8113d1
Linux capabilities - setuid + read / Docker group privesc
2019-02-26 17:24:10 +01:00
Swissky
78c882fb34
Jenkins Grrovy + MSSQL UNC + PostgreSQL list files
2019-02-17 20:02:16 +01:00
Swissky
f2273f5cce
PrivExchange attack
2019-02-10 19:51:54 +01:00
Swissky
8c1c35789d
SQLmap tamper update
2019-02-10 19:07:27 +01:00
Swissky
1c37517bf3
.git/index file parsing + fix CSRF payload typo
2019-02-07 23:33:47 +01:00
Swissky
b9f2fe367c
Bugfix - Errors in stashed changes
2019-01-28 20:27:45 +01:00
ThunderSon
99857a714f
fead: add powerless repo to the tools
2019-01-27 20:13:06 +02:00
Swissky
e07a654080
Command injection renamed + sudo/doas privesc
2019-01-22 21:45:41 +01:00
Swissky
4db45a263a
MSSQL union based + Windows Runas
2019-01-20 16:41:46 +01:00
Swissky
3bcd3d1b3c
SUID & Capabilities
2019-01-13 22:05:39 +01:00
Swissky
2e3aef1a19
Shell IPv6 + Sandbox credential
2019-01-07 18:15:45 +01:00
Swissky
e480c9358d
SQL wildcard '_' + CSV injection reverse shell
2018-12-26 01:02:17 +01:00
Swissky
bd97c0be86
README update + Typo fix in Active Directory
2018-12-25 20:41:43 +01:00
Swissky
d57d59eca7
NTLMv2 hash capturing, cracking, replaying
2018-12-25 20:35:39 +01:00
Swissky
d5478d1fd6
AWS Pacu and sections + Kerberoasting details
2018-12-25 19:38:37 +01:00
Swissky
b9efdb52d3
Linux - PrivEsc - First draft
2018-12-25 15:51:11 +01:00
Swissky
38c3bfbd9f
Windows Priv Esc - Unquoted Path, Password looting and Powershell version
2018-12-25 15:19:45 +01:00
Swissky
a6475a19d9
Adding references sectio
2018-12-24 15:02:50 +01:00
Swissky
b4aff1a826
Architecture - Files/Intruder/Images and README + template
2018-12-23 00:45:45 +01:00
Swissky
69c1d601fa
Kerberoasting + SQLmap write SSH key
2018-12-15 00:51:33 +01:00
Swissky
928a454531
Blind XSS endpoint + SSRF Google + Nmap subdomains
2018-11-25 15:44:17 +01:00
Swissky
1225a9a23d
Metasploit Cheatsheet
2018-11-24 15:32:44 +01:00
Swissky
565b40d177
reGeorg + Meterpreter socks + S3 trick name
2018-11-24 13:49:08 +01:00
Swissky
1b2ee3e67a
Subdomain enumeration - New Aquatone (Go)
2018-11-05 13:45:52 +01:00
Swissky
6bcb43e39c
LDAP fix typo + LDAP attributes + LFI filter chaining
2018-11-02 13:50:56 +01:00
Swissky
f1eefd2722
Script Docker RCE
2018-10-18 17:32:01 +02:00
Swissky
35d4139373
WebCache param miner file + Reverse shell Python TTY
2018-10-08 13:49:50 +02:00
Swissky
f0a8b6f8b8
Koadic cheatsheet renamed to "Windows - Post Exploitation"
2018-10-04 17:39:55 +02:00
Swissky
9ebf2057c5
Koadic Cheatsheet + Linux persistence in startup .desktop file
2018-10-04 17:35:57 +02:00
Swissky
747f1d172c
Reverse shell python for Windows + Lua + Awk
2018-10-02 17:17:03 +02:00
Swissky
824d8c370b
Bugfix README + Can I take over xyz
2018-10-02 16:57:01 +02:00
Swissky
1c5f8889bd
Network Discovery and Subdomains enumerations
2018-10-02 16:17:16 +02:00
Swissky
7b49f1b13a
PHP Serialization - phpggc
2018-10-01 12:30:14 +02:00
Swissky
cce0444245
SQL injection - Intruders payloads
2018-09-21 18:44:32 +02:00
Swissky
7a80647e63
Raw MD5 SQL injection + SSH Konami Code
2018-09-10 23:12:29 +02:00
Swissky
beb0ce8c54
Linux Persistence + WebLogic RCE
2018-09-03 18:41:05 +02:00
Swissky
f612a91bb5
LFI via Upload (race condition) + Network Pivot nmap
2018-08-26 15:43:26 +02:00
Swissky
b87e14a0ed
Markdown formatting - Part 2
2018-08-13 12:01:13 +02:00
Swissky
65654f81a4
Markdown formatting update
2018-08-12 23:30:22 +02:00
Swissky
177c12cb79
Multiple update in READMEs + RCE tricks
2018-08-12 00:17:58 +02:00
Swissky
644724396f
LaTeX display code + XSS location alternative
2018-08-01 21:19:18 +02:00
Swissky
93f4bbb19e
AD BloodHound + AD Relationship + SSRF Digital Ocean
2018-07-15 11:06:43 +02:00
Swissky
cdc3adee51
PassTheTicket + OpenShare + Tools(CME example)
2018-07-08 20:03:40 +02:00
Swissky
76aefd9da2
Path traversal refactor + AD cme module msf/empire + IIS web.config
2018-07-07 12:04:55 +02:00
Swissky
a7439d812d
Windows port forwarding - Netsh
2018-06-09 18:56:19 +02:00
Swissky
4ad7c70e89
SSRF to XSS + Retail account Windows
2018-06-06 00:05:28 +02:00
Swissky
8eb6cb80f9
GPP decrypt + SSRF url for cloud providers
2018-05-27 22:27:31 +02:00
Swissky
e261836532
Windows PrivEsc + SQLi second order + AD DiskShadow
2018-05-20 22:10:33 +02:00
Swissky
f1cb7ce50e
SQL Cheatsheets - Refactoring part 1
2018-05-16 23:33:14 +02:00
Swissky
81eebeaea2
AD - Ropnop Tricks
2018-05-08 22:11:36 +02:00
Swissky
6a39f25661
AD - refactor part 4 (link and src)
2018-05-06 19:07:34 +02:00
Swissky
c5bbe88372
AD - refactor part3
2018-05-05 23:11:17 +02:00
Swissky
1feccf84cb
AD refactor - Part 2 : summary
2018-05-05 17:41:04 +02:00
Swissky
6869c399d5
AD refactoring part1
2018-05-05 17:32:19 +02:00
Swissky
2dcffadd46
AD - Little fixes and refactor
2018-04-28 19:54:32 +02:00
Swissky
cb3b298451
Oracle SQL + SQL injection updates (MS SQL/MYSQL/ GENERAL)
2018-04-27 23:31:58 +02:00
Swissky
8209d32baf
Abstract for methodology
2018-04-23 21:22:11 +02:00
Swissky
54661cbd70
Bugfix - Tables Token/Brand
2018-04-23 20:55:26 +02:00
Swissky
aace268267
Payment functionality - International Tests
2018-04-23 20:45:54 +02:00
Swissky
02484cee00
BUGFIX: API Payment
2018-04-23 18:46:09 +02:00
Swissky
9c5eade544
Update methodology - Bugfix
2018-04-23 18:44:49 +02:00
Swissky
f832022920
Drupalgeddon2 update + Payment API in Methodology
2018-04-23 18:41:59 +02:00
Swissky
f62d466340
Fix Golden Ticket
2018-04-15 16:02:27 +02:00
Swissky
b8fbca3347
AD Attack - Golden Ticket + SQL/OpenRed/SSRF
2018-04-12 23:23:41 +02:00
Swissky
e6b5dfa3de
Fix README broken links
2018-03-25 23:51:22 +02:00
Swissky
d1f6e8397d
Refactoring XSS 0/?
2018-03-23 13:53:53 +01:00
Swissky
30019235f8
SQLmap tips + Active Directory attacks + SQLite injections
2018-03-12 09:17:31 +01:00
Swissky
b87c3fd7ff
Traversal Dir + NoSQL major updates + small addons
2018-02-15 23:27:42 +01:00
Swissky
3793d91fd4
Mimikatz + Credential Windows + XXE update
2017-12-06 20:40:29 +01:00
Swissky
2c048f7b52
SSRF Ip script + DDL & Execute Windows
2017-11-24 09:57:48 +01:00
Swissky
dad26ce5e5
More Burp Intruder file - SQLi + Path traversal + XSS
2017-08-06 01:12:41 +02:00