7RU7H
22fe4d16e2
Update Windows -Privilege Escalation - Typo Fix
...
# Line 304 - Typo: `...\CurentControlSet\..` -> `...\CurrentControlSet\..`
2022-10-22 14:27:01 +01:00
Swissky
72a8556dc9
NodeJS Serialization
2022-09-23 11:21:29 +02:00
Swissky
2be739ea4f
Fixing TGS/ST
2022-09-06 10:03:49 +02:00
Swissky
fae02107df
Jetty RCE Credits
2022-09-04 14:24:16 +02:00
Swissky
811863501b
ESC9 - No Security Extension
2022-09-03 12:07:24 +02:00
Swissky
3066615cde
LAPS Access + Pass the Cert + Writeable folder
2022-05-31 11:57:44 +02:00
NocFlame
bebc87887a
added link to hashcat
2022-05-25 10:09:09 +02:00
NocFlame
2ef501f883
replaced backslash with forwardslash in cmd syntax
...
As defined in cmd.exe /?
/C Carries out the command specified by string and then terminates
2022-05-25 09:55:05 +02:00
Swissky
5a89c6a5ca
Windows Management Instrumentation Event Subscription
2022-04-24 15:01:18 +02:00
Swissky
540d3ca399
Vajra + MSSQL hashes
2022-03-05 18:31:15 +01:00
Swissky
e3fb516747
MAQ + WEBDAV
2021-12-29 14:48:42 +01:00
Swissky
7d9dd6806e
Powershell Cheatsheet
2021-11-06 19:14:47 +01:00
Swissky
c8076e99c9
Net-NTLMv1 + DriverPrinter
2021-09-06 20:58:44 +02:00
Swissky
87be30d3b2
DB2 Injection + ADCS
2021-08-10 23:00:19 +02:00
Swissky
d9d4a54d03
RemotePotato0 + HiveNightmare
2021-07-26 21:25:56 +02:00
Swissky
3a4bd97762
AD CS - Mimikatz / Rubeus
2021-07-25 11:40:19 +02:00
Swissky
44735975a5
Active Directory update
2021-07-12 20:45:16 +02:00
Swissky
80816aee31
PrintNightmare - #385
2021-07-01 14:40:03 +02:00
Swissky
a723a34449
PS Transcript + PPLdump.exe
2021-05-06 18:26:00 +02:00
Swissky
08b59f2856
AD update CME+DCOM
2021-04-21 22:27:07 +02:00
Swissky
f6b9d63bf8
DCOM exploitation and MSSQL CLR
2021-03-24 22:26:23 +01:00
Swissky
bd2166027e
GMSA Password + Dart Reverse Shell
2021-03-24 12:44:35 +01:00
Valentín Blanco
73f6ab940c
Update Windows - Privilege Escalation.md
...
Adding WES-NG which is a great and updated replacement for Windows-Exploit-Suggester.
2021-02-10 15:52:41 +01:00
PinkDev1
93769768e2
Added EoP - $PATH Interception
2021-01-28 19:45:54 +00:00
Swissky
01aadf3a44
Alternate Data Stream
2021-01-13 10:22:59 +01:00
Swissky
19a2950b8d
AMSI + Trust
2020-12-08 14:31:01 +01:00
Gorgamite
f9389d708b
Added winPEAS to windows privilege escalation tool
...
WinPEAS is a really thorough privesc enumeration tool for windows, you can find it here: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe
It doesn't auto exploit, but it's rather thorough and effective.
2020-10-29 03:57:40 -07:00
Swissky
5a1ae58a59
Sticky Notes Windows + Cobalt SMB
2020-10-16 11:35:15 +02:00
Swissky
c9be68f0a1
Privilege File Write - Update
2020-10-08 16:51:11 +02:00
Swissky
0df0cc9cf8
Privileged File Write
2020-10-08 16:39:25 +02:00
Swissky
c7e3ea005e
Powershell Remoting
2020-08-09 12:15:56 +02:00
Swissky
ca9326b5fc
Driver Privilege Escalation
2020-07-13 15:00:36 +02:00
Swissky
5323ceb37c
SUDO CVE + Windows Drivers PrivEsc
2020-05-28 11:19:16 +02:00
Swissky
c1731041b5
Misc & Tricks Page + AMSI + Defender
2020-05-16 13:22:55 +02:00
guanicoe
1fc8b57c85
Update Windows - Privilege Escalation.md
...
added Get-Process to list processes
2020-05-03 21:11:01 +00:00
Swissky
5163ef902c
XSS Google Scholar Payload + Skeleton Key Persistence
2020-05-03 16:28:17 +02:00
guenicoe
a3cc577ebd
added cmd on the USOSVC vuln
...
Added `cmd \c C:\Users\nc.exe` as not typing `cmd \c` did not work for me. Might need even more explanation
2020-03-24 20:15:59 +00:00
PixeL
1b190939c4
Remove example from win priv esc
...
This example was used on hackthebox where it leaked the root flag of a machine on free servers.
This resulted in every user being able to get the root flag before they have even completed the box which isn't fair to others.
This example should either be changed or removed completely to combat copy-pasting without knowing what you're doing.
2020-03-23 17:17:42 -05:00
Fanis Katsimpas
2bdbb2dbc5
Update Windows - Privilege Escalation.md
...
Make powershell on EoP - Runas easier to copy paste
2020-03-22 19:25:35 +00:00
Swissky
7cd49769be
WMI + Cobalt Strike
2020-02-13 22:53:45 +01:00
Swissky
fb76fdc331
Windows Firewall + DLL hijacking + Named pipes
2020-02-01 22:12:36 +01:00
Swissky
742c7ee3c2
AppLocker rules
2020-01-06 23:03:54 +01:00
Swissky
b052f78d95
Blacklist3r and Machine Key
2020-01-02 23:33:04 +01:00
Swissky
896e262531
Privilege impersonation and GraphQL SQLi
2019-12-11 16:59:14 +01:00
Swissky
3abaa3e23d
Linux AD - Keyring, Keytab, CCACHE
2019-11-25 23:12:06 +01:00
Swissky
43f185d289
CVE-2019-1322 UsoSvc
2019-11-11 20:31:07 +01:00
Swissky
f6d5221a85
SID history break trust + Powershell history + SCF files
2019-11-07 23:21:00 +01:00
Swissky
357658371f
SSRF URL for Google Cloud
2019-10-06 20:59:58 +02:00
Swissky
5455c30ec7
Juicy Potato + XXE update
2019-09-08 19:44:51 +02:00
Swissky
bb305d0183
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00