Th1b4ud
14d03b96a1
Linux privesc - SSH Key Predictable PRNG (Authorized_Keys) Process - Summary
2020-04-22 16:00:31 +02:00
Th1b4ud
2e507a2b2f
Linux privesc - SSH Key Predictable PRNG (Authorized_Keys) Process
2020-04-22 15:55:10 +02:00
Th1b4ud
2740600a6b
Alternative TTY method with /usr/bin/script
2020-04-21 19:21:51 +02:00
Swissky
89f906f7a8
Fix issue - C reverse shell
2020-04-21 11:17:39 +02:00
Swissky
af6760ef7a
RoadRecon + JSON None refs
2020-04-17 16:34:51 +02:00
Th1b4ud
29194a8ef1
Add other shells on reverse shell cheatsheet
2020-04-13 19:06:01 +02:00
Swissky
6e7af5a267
Docker Registry - Pull/Download
2020-04-04 18:27:41 +02:00
M4x
1d299f55c9
Delete unnecessary escape characters
...
`whoami` has already been wrapped in backquotes. There is no need to use escape characters again
2020-03-29 23:40:39 +08:00
Swissky
be8f32b586
Docker escape and exploit
2020-03-29 16:48:09 +02:00
Swissky
95ab07b45e
CloudTrail disable, GraphQL tool
2020-03-28 12:01:56 +01:00
guenicoe
a3cc577ebd
added cmd on the USOSVC vuln
...
Added `cmd \c C:\Users\nc.exe` as not typing `cmd \c` did not work for me. Might need even more explanation
2020-03-24 20:15:59 +00:00
PixeL
1b190939c4
Remove example from win priv esc
...
This example was used on hackthebox where it leaked the root flag of a machine on free servers.
This resulted in every user being able to get the root flag before they have even completed the box which isn't fair to others.
This example should either be changed or removed completely to combat copy-pasting without knowing what you're doing.
2020-03-23 17:17:42 -05:00
Fanis Katsimpas
2bdbb2dbc5
Update Windows - Privilege Escalation.md
...
Make powershell on EoP - Runas easier to copy paste
2020-03-22 19:25:35 +00:00
Swissky
1538ccd7f2
Gaining AWS Console Access via API Keys
2020-03-19 11:59:49 +01:00
Swissky
1f3a94ba88
AWS SSM + Shadow copy attack
2020-03-06 15:30:38 +01:00
Swissky
5d87804f71
AWS EC2 Instance Connect + Lambda + SSM
2020-03-06 13:33:14 +01:00
Swissky
c19e36ad34
Azure AD Connect - MSOL Account's password and DCSync
2020-03-01 17:06:31 +01:00
Swissky
71a307a86b
AWS - EC2 copy image
2020-02-29 12:56:00 +01:00
Swissky
74f2dfccca
Kerberos Constrained Delegation
2020-02-23 21:20:46 +01:00
Swissky
c5ac4e9eff
AWS Patterns
2020-02-23 20:58:53 +01:00
Swissky
915946a343
Fix Cloud Training
2020-02-21 10:50:43 +01:00
Swissky
bda7100a77
Fix Cloud references
2020-02-21 10:47:16 +01:00
Swissky
984078050b
Cloud - Pentest with AWS and Azure
2020-02-21 10:36:01 +01:00
Swissky
7f0650dfc0
IIS Raid Persistence
2020-02-20 16:51:22 +01:00
Swissky
ba30618a8b
Cobalt Strike - Artifact
2020-02-14 17:10:00 +01:00
Swissky
7cd49769be
WMI + Cobalt Strike
2020-02-13 22:53:45 +01:00
Sameer Bhatt (debugger)
994e557178
Added more TTY Shell using perl and python
2020-02-09 12:46:18 +05:30
Swissky
aba6874517
Maps API + secretsdump enabled user/pw last set + certutil mimikatz
2020-02-06 21:41:29 +01:00
socketz
056161fd9f
Updated Java & Groovy Shells
...
Added threaded shells and alternative pure Java reverse shell
2020-02-06 15:43:58 +01:00
antonioCoco
50a376337d
Update Reverse Shell Cheatsheet.md
2020-02-05 23:29:43 +01:00
Swissky
fb76fdc331
Windows Firewall + DLL hijacking + Named pipes
2020-02-01 22:12:36 +01:00
Swissky
be0397fa68
BloodHound ZIP + Zero Width space tip
2020-01-19 22:46:45 +01:00
Mehtab Zafar
8dc1e3c5fe
Update TTY shell command for python
...
Made the command to use python3 because mostly now the machines have python3 installed.
2020-01-10 17:57:53 +05:30
Ayoma Wijethunga
7f34c01794
Change IP and port to a common value across commands
2020-01-09 16:20:49 +05:30
Ayoma Wijethunga
96b9adb98b
Change IP and port to a common value across commands
2020-01-09 16:17:35 +05:30
Swissky
742c7ee3c2
AppLocker rules
2020-01-06 23:03:54 +01:00
Swissky
71171fa78b
SSRF exploiting WSGI
2020-01-05 22:11:28 +01:00
Swissky
3a9b9529cb
Mimikatz - Credential Manager & DPAPI
2020-01-05 17:27:02 +01:00
Swissky
73abdeed71
Kerberos AD GPO
2020-01-05 16:28:00 +01:00
Swissky
b052f78d95
Blacklist3r and Machine Key
2020-01-02 23:33:04 +01:00
György Demarcsek
9c188139ec
Added PHP reverse shell
...
This reverse shell payload for PHP works even if `exec` is disabled and/or the new socket is not on fd 3
2020-01-02 19:27:35 +01:00
Swissky
0a6ac284c9
AdminSDHolder Abuse
2019-12-30 19:55:47 +01:00
Swissky
bcb24c9866
Abusing Active Directory ACLs/ACEs
2019-12-30 14:22:10 +01:00
Swissky
4b10c5e302
AD mitigations
2019-12-26 12:09:23 +01:00
Swissky
1535c5f1b3
Kubernetes - Privileged Service Account Token
2019-12-20 11:33:25 +01:00
Swissky
cf5a4b6e97
XSLT injection draft
2019-12-17 21:13:59 +01:00
Swissky
896e262531
Privilege impersonation and GraphQL SQLi
2019-12-11 16:59:14 +01:00
Swissky
6f4a28ef66
Slim RCE + CAP list
2019-12-05 23:06:53 +01:00
Swissky
c60f264664
RDP backdoor + RDP session takeover
2019-11-26 23:39:14 +01:00
Swissky
06864b0ff8
Password spraying rewrite + Summary fix
2019-11-25 23:35:20 +01:00