Swissky
8df0f565f3
Sapphire and Diamond Tickets
2022-10-16 20:46:05 +02:00
Swissky
b7043cfedd
Bug Hunting Methodology Update
2022-10-16 00:27:47 +02:00
llamasoft
78ff651643
Add Linux evasion to its own article
...
Linux evasion techniques were previously included as part of persistence,
but the number of techniques are varied enough where it likely should
be its own article.
2022-10-14 17:30:25 -04:00
Swissky
6479c3a400
Merge pull request #574 from sebch-/patch-5
...
Update Active Directory Attack.md
2022-10-12 21:43:44 +02:00
Seb
b809e104e6
Update Active Directory Attack.md
2022-10-12 21:24:47 +02:00
Seb
f18d4991ff
Update Active Directory Attack.md
2022-10-12 19:47:40 +02:00
Seb
5480c40098
Update Hash Cracking.md
2022-10-12 19:29:15 +02:00
Seb
ad5bbd49f1
Update Hash Cracking.md
2022-10-12 18:06:22 +02:00
Swissky
f7a74feaf7
Azure Tools Update
2022-10-12 18:03:49 +02:00
pop3ret
0530c19c88
Update Cloud - AWS Pentest.md
2022-10-09 16:03:33 -03:00
pop3ret
4b4a630085
Changed summary and chapters
...
Changed summary to include the cheatsheet and also changed the format of the cheatsheet to be the same as the original file
2022-10-09 16:01:14 -03:00
Swissky
522b55eec5
Update Cloud - AWS Pentest.md
2022-10-07 10:50:59 +02:00
pop3ret
00189411d4
Merge AWSome Pentesting into Cloud - AWS Pentest
...
Merge the notes with the existing one
2022-10-06 13:43:09 -03:00
Alexander Lübeck
576322d475
Fixed invalid hyperlink
2022-10-02 15:58:16 +02:00
Swissky
99a1304af9
Methodology and enumeration rework
2022-10-02 13:13:16 +02:00
Swissky
4ed3e3b6b9
Blind SSTI Jinja
2022-10-02 12:24:39 +02:00
Swissky
72a8556dc9
NodeJS Serialization
2022-09-23 11:21:29 +02:00
Swissky
2d30e22121
DPAPI - Data Protection API
2022-09-23 00:35:34 +02:00
Processus Thief
8d564ff78b
update hekatomb to install with pip
...
hekatomb is now available on pypi to simplify its installation
2022-09-22 16:10:20 +02:00
Processus Thief
885f8bdb8f
Adding Hekatomb.py to DPAPI credentials stealing
...
Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations.
Then it will download all DPAPI blob of all users from all computers.
Finally, it will extract domain controller private key through RPC uses it to decrypt all credentials.
More infos here : https://github.com/Processus-Thief/HEKATOMB
2022-09-20 16:56:07 +02:00
Swissky
b6e7210ee0
Merge pull request #501 from fantesykikachu/win-p3-revshell
...
Add Windows Python3 Reverse Shell
2022-09-06 23:23:50 +02:00
CravateRouge
dad7362da6
Update bloodyAD attacks
2022-09-06 19:13:34 +02:00
Swissky
191a72c57e
Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings
2022-09-06 10:05:16 +02:00
Swissky
2be739ea4f
Fixing TGS/ST
2022-09-06 10:03:49 +02:00
Swissky
bdc2d55dd9
Merge pull request #533 from 0xsyr0/patch-1
...
Quick fix for WSUS malicious patch
2022-09-04 20:54:17 +02:00
Swissky
9e2471a472
SCCM Network Account
2022-09-04 20:51:23 +02:00
Swissky
fae02107df
Jetty RCE Credits
2022-09-04 14:24:16 +02:00
Swissky
811863501b
ESC9 - No Security Extension
2022-09-03 12:07:24 +02:00
0xsry0
343d63f79f
Quick fix for WSUS malicious patch
...
Not sure if it is deprecated but by tackling the box Outdated on HTB, the command didn't worked with two `&&`. To concatenate `"net user WSUSDemo Password123! /add ` and `net localgroup administrators WSUSDemo /add\""`, the `^&` is required.
2022-08-24 09:10:55 +02:00
Swissky
fbd7517e04
LFI2RCE - Picture Compression - SOCKS5 CS
2022-08-21 16:38:54 +02:00
Swissky
804920be62
Source Code Management
2022-08-18 10:43:01 +02:00
Swissky
6650c361e7
Capture a network trace with builtin tools
2022-08-15 15:02:29 +02:00
Adham Elmosalamy
1b2471265a
Typo fix
2022-08-08 16:08:55 +04:00
Swissky
7fe0a0475e
Docker Escape cgroup
2022-08-05 12:26:31 +02:00
Swissky
835d6fffe0
Shadow Credentials
2022-08-05 12:00:41 +02:00
Swissky
52e255cb75
Merge pull request #520 from sebch-/patch-1
...
Update Active Directory Attack.md
2022-08-03 19:20:11 +02:00
Spidycodes
bb6c9ed172
typo
2022-08-02 21:48:07 +00:00
Seb
310338b279
Update Active Directory Attack.md
...
Find AD
2022-08-02 15:09:23 +02:00
Swissky
e386a110d9
Find DC
2022-07-27 17:23:30 +02:00
Swissky
fc8fadbb0c
PR Guidelines + User Hunting + HopLa Configuration
2022-06-30 16:33:35 +02:00
fantesykikachu
f6c455d8f9
Windows Python3 Reverse Shell
2022-06-28 06:54:06 +00:00
Marwan Nour
36e417f129
Added DirtyPipe to kernel exploits
...
Fixed some links in the table of contents
2022-06-23 16:55:58 +02:00
Sh0ckFR
a4e43fb24c
Added Thread Stack Spoofer description
2022-06-22 12:11:49 +02:00
Sh0ckFR
4b07c91e7b
Added Sleep Mask Kit Link
2022-06-21 15:52:30 +02:00
Alexandre ZANNI
b831175f99
add english version of the article
2022-06-20 20:31:11 +02:00
Swissky
ad336b4d55
Privileged Access Management (PAM) Trust
2022-06-09 11:30:43 +02:00
Swissky
881c354b34
Pre-Created Computer Account
2022-06-08 12:14:11 +02:00
Swissky
0c7da8ec41
DNS Admins Group
2022-06-07 20:36:09 +02:00
Swissky
3066615cde
LAPS Access + Pass the Cert + Writeable folder
2022-05-31 11:57:44 +02:00
NocFlame
bebc87887a
added link to hashcat
2022-05-25 10:09:09 +02:00
NocFlame
ca959ec806
Added missing parenthese
2022-05-25 10:04:41 +02:00
NocFlame
2ef501f883
replaced backslash with forwardslash in cmd syntax
...
As defined in cmd.exe /?
/C Carries out the command specified by string and then terminates
2022-05-25 09:55:05 +02:00
Swissky
5035ed0891
WSUS Exploitation
2022-05-15 21:22:39 +02:00
Swissky
4cf464cc96
Certifried CVE-2022-26923
2022-05-13 09:44:51 +02:00
Swissky
d09659b164
Merge pull request #496 from cmd-ctrl-freq/master
...
Update Cloud - AWS Pentest.md
2022-05-11 10:25:30 +02:00
Swissky
67457ec582
SCCM deployment + JSON uploads
2022-05-09 15:14:26 +02:00
David Fentz
d3a296486e
Update Cloud - AWS Pentest.md
...
Added a reference to Cloudgoat in the Training section of the AWS pentesting docs.
2022-05-05 08:48:55 -07:00
Moayad Almalat
8a6e8b8f05
Update Cobalt Strike - Cheatsheet.md
...
Update Cobalt Strike user Guide to the latest version.
2022-04-25 15:18:04 +02:00
Swissky
5a89c6a5ca
Windows Management Instrumentation Event Subscription
2022-04-24 15:01:18 +02:00
Swissky
b0d05faded
TruffleHog examples + Cortex XDR disable
2022-04-14 09:42:15 +02:00
Swissky
89f0b93d43
Elastic EDR + VM Persistence
2022-03-27 19:50:33 +02:00
Swissky
d40e055629
Golden GMSA + Scheduled Task
2022-03-15 11:15:44 +01:00
Swissky
4abd52697f
MSSQL Agent Command Execution
2022-03-10 11:05:17 +01:00
Swissky
540d3ca399
Vajra + MSSQL hashes
2022-03-05 18:31:15 +01:00
Swissky
521975a05c
AV Removal + Cobalt SleepKit
2022-03-01 23:01:25 +01:00
Swissky
3e3562e553
ESC3 - Misconfigured Enrollment Agent Templates + Certipy v2
2022-02-20 13:15:28 +01:00
Swissky
71dcfd5ca7
ADCS ESC7 Shell + Big Query SQL
2022-02-18 14:50:38 +01:00
brightio
d36f98b4ca
Update LinPEAS links
2022-01-31 12:16:29 +01:00
Swissky
0b5c5acb87
ESC7 - Vulnerable Certificate Authority Access Control
2022-01-30 23:41:31 +01:00
Eslam Salem
d7e357f53a
fix rm bug in netcat reverseshell on OpenBSD & BusyBox
2022-01-29 17:19:30 +02:00
clem9669
05a77e06fc
Update Active Directory Attack.md
...
Updating the scanner modules for PingCastle.exe
2022-01-26 13:13:11 +00:00
Alexandre ZANNI
a397a3d643
add revshellgen and merge to tools section
2022-01-22 23:08:25 +01:00
Alexandre ZANNI
a077ceab7c
add tools section
2022-01-22 22:57:37 +01:00
clem9669
76ec08cfb4
Update Active Directory Attack.md
...
Correcting typo
Removing dead website
Adjusting techniques
2022-01-18 22:52:58 +01:00
Swissky
f0085e158b
Removing potential DMCA material
2022-01-05 22:22:08 +01:00
clem9669
4642dd44fc
Update Hash Cracking.md
...
Hey 👋
Updating content with more information and more accurate resources.
2022-01-05 18:25:31 +00:00
Swissky
dfe830d183
RODC - Read Only Domain Controller Compromise
2022-01-04 21:11:26 +01:00
Swissky
b5df6e1447
ESC6 - EDITF_ATTRIBUTESUBJECTALTNAME2 + Golden Certificate
2022-01-01 20:42:58 +01:00
Swissky
c9ef8f7f49
Graftcp Cheatsheet
2021-12-29 18:16:26 +01:00
Swissky
8411a0640d
ESC4 - Access Control Vulnerabilities
2021-12-29 15:00:22 +01:00
Swissky
27768783ff
Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings
2021-12-29 14:52:20 +01:00
Swissky
e3fb516747
MAQ + WEBDAV
2021-12-29 14:48:42 +01:00
Alexandre ZANNI
a430cfcc4e
update PowerGPOAbuse task command
2021-12-22 16:09:07 +01:00
Swissky
0d6d6049ce
AD + Log4shell + Windows Startup
2021-12-16 09:52:51 +01:00
Swissky
5714b9c9d7
samAccountName spoofing + Java RMI
2021-12-13 20:42:31 +01:00
Swissky
10974722b1
BloodHound Custom Queries + MSSQL CLR
2021-12-12 23:04:35 +01:00
CravateRouge
8da5f36f85
Add alternatives for AD ACL abuse from Linux
2021-11-15 17:36:05 +01:00
Swissky
3366f5eaac
Merge pull request #445 from NirLevy98/reverse_shell_delete-unused-imports
...
Delete unused import
2021-11-07 21:16:37 +01:00
Swissky
7d9dd6806e
Powershell Cheatsheet
2021-11-06 19:14:47 +01:00
Swissky
1c8067a150
Relaying with WebDav Trick + Shadow Credential
2021-10-30 21:04:23 +02:00
Swissky
e3373dd108
UnPAC The Hash + MachineKeys.txt
2021-10-26 21:56:39 +02:00
Swissky
1a3058f40c
Device Code Phish
2021-10-24 20:07:46 +02:00
Nir
4207479cce
Delete unused imports
2021-10-16 11:33:38 +03:00
Markus
6584df310f
Update Windows - Persistence.md
...
Add example to `disable windows defender` which uses MpCmdRun.exe to reset the current definitions. I recently used this and it was sufficient, that defender did not recognize previously flagged malicious files. It is quite helpful in case, that Set-MpPreference is not present or that the attacker is not allowed to adjust the service.
2021-10-14 08:53:25 +02:00
marcan2020
39a89e937a
Update breakout techniques
...
- Add a section on unassociated protocols
- Add paths to access filesystem via the address bar
- Fix Stick Keys link
- Fix Task Manager shortcut
- Add reference to HackTricks
2021-10-11 13:53:19 -04:00
Markus
d1345b0016
Update Hash Cracking Methodology
...
Add some structure to add additional tools.
Fix some typo.
Add online resources for cracking password hashes.
2021-10-11 17:08:46 +02:00
Swissky
883c35a9e5
Hash Cracking v0.1
2021-10-10 23:05:01 +02:00
p0dalirius
09b1b8984a
Update Active Directory Attack.md
2021-10-06 09:05:49 +02:00
p0dalirius
8045496946
Update Active Directory Attack.md
2021-10-06 08:59:13 +02:00
p0dalirius
19b4bee7a0
Update Active Directory Attack.md
2021-10-06 08:54:16 +02:00
p0dalirius
e0b8bee5a6
Update Active Directory Attack.md
2021-10-06 08:45:44 +02:00
p0dalirius
25b6003229
Update Active Directory Attack.md
2021-10-06 08:29:59 +02:00
p0dalirius
ee53c960f0
Update Active Directory Attack.md
2021-10-06 08:24:51 +02:00
p0dalirius
6d816c6e4b
Update Active Directory Attack.md
2021-10-06 08:23:07 +02:00
Podalirius
286b7c507e
Update Active Directory Attack.md
2021-10-06 08:15:51 +02:00
Swissky
000d1f9260
Merge pull request #426 from CravateRouge/patch-2
...
Add python check for ZeroLogon
2021-10-01 00:58:58 +02:00
CravateRouge
52d83bea5f
Add python check for ZeroLogon
2021-09-30 23:38:48 +02:00
CravateRouge
1cdd284f5b
Add Linux alternatives for GenericWrite abuse
2021-09-30 22:17:20 +02:00
Swissky
d2f63406cd
IIS + Certi + NetNTLMv1
2021-09-16 17:45:29 +02:00
Swissky
3af70155e2
DCOM Exec Impacket
2021-09-07 14:48:57 +02:00
Swissky
23438cc68e
Mitigation NTLMv1
2021-09-07 10:22:39 +02:00
Swissky
c8076e99c9
Net-NTLMv1 + DriverPrinter
2021-09-06 20:58:44 +02:00
Swissky
0f94adafe5
ESC2 + Windows Search Connectors - Windows Library Files
2021-09-01 14:10:53 +02:00
Swissky
f89597725a
Merge pull request #416 from Bort-Millipede/master
...
Expression Language Injection One-Liners; XSS Payload; Fixed Linux Py…
2021-08-25 22:17:53 +02:00
Swissky
69b99826d2
AD CS Attacks
2021-08-25 22:14:44 +02:00
Jeffrey Cap
9bde75b32d
Expression Language Injection One-Liners; XSS Payload; Fixed Linux Python IPv6 Reverse Shell Payload
2021-08-23 14:41:40 -05:00
Swissky
fde99044c5
CS NTLM Relay
2021-08-22 23:03:02 +02:00
Swissky
87be30d3b2
DB2 Injection + ADCS
2021-08-10 23:00:19 +02:00
Swissky
7ab7664469
Merge pull request #399 from Bort-Millipede/master
...
New/Updated Python Linux Reverse Shells
2021-07-31 11:26:36 +02:00
Jeffrey Cap
37e69b6162
Revised Linux Python Reverse Shells; Added New Linux Python Reverse Shells
2021-07-26 20:55:49 -05:00
Swissky
d9d4a54d03
RemotePotato0 + HiveNightmare
2021-07-26 21:25:56 +02:00
M4x
9086ff9d03
add missing header file
2021-07-26 16:04:39 +08:00
Swissky
3a4bd97762
AD CS - Mimikatz / Rubeus
2021-07-25 11:40:19 +02:00
Swissky
44735975a5
Active Directory update
2021-07-12 20:45:16 +02:00
Swissky
175c676f1e
Tmux PrivEsc + PrintNightmare update
2021-07-12 14:42:18 +02:00
Alexandre ZANNI
e2ff22b136
add CVE-2021-34527 + It Was All A Dream scanner
2021-07-08 10:40:01 +02:00
Swissky
2f8fc7bbb9
PrintNightmare - Mimikatz
2021-07-05 21:57:14 +02:00
Swissky
459f4c03fc
Dependency Confusion + LDAP
2021-07-04 13:32:32 +02:00
Sean R. Abraham
1fcbd576fe
Fix typo in Linux - Persistence.md
2021-07-02 16:18:35 -06:00
Sameer Bhatt (debugger)
0b8293b135
Added Reverse Shell using Telnet
...
Added Reverse Shell using Telnet.
2021-07-01 20:29:56 +05:30
Swissky
80816aee31
PrintNightmare - #385
2021-07-01 14:40:03 +02:00
Swissky
4e95162dc3
BadPwdCount attribute + DNS
2021-06-28 22:08:06 +02:00
Swissky
ab0e487500
Cobalt Strike spunner + pivotnacci
2021-06-27 23:58:13 +02:00
leongross
e31de3dd6b
Update Subdomains Enumeration.md
2021-06-25 09:17:27 +02:00
Swissky
85a7ac8a76
Shadow Credentials + AD CS Relay + SSSD KCM
2021-06-24 15:26:05 +02:00
Swissky
a723a34449
PS Transcript + PPLdump.exe
2021-05-06 18:26:00 +02:00
soka
a4bdabea83
Add AWS DynamoDB enumeration
2021-04-30 21:44:21 +02:00
Swissky
1592756f9c
Merge pull request #348 from pswalia2u/patch-1
...
Update Reverse Shell Cheatsheet.md
2021-04-26 10:05:59 +02:00
Swissky
08b59f2856
AD update CME+DCOM
2021-04-21 22:27:07 +02:00
Ryan Montgomery
7ae038d919
Update Reverse Shell Cheatsheet.md
...
Added: Automatic Reverse Shell Generator
2021-04-18 10:50:41 -04:00
clem9669
7a564cb859
Update Linux - Privilege Escalation.md
...
Fixing Markdow URL typo in writable network-scripts section
2021-04-15 10:07:43 +00:00
Micah Van Deusen
f23de13d96
Added method to read gMSA
2021-04-10 10:58:05 -05:00
Ricardo
604618ed41
Improve Ruby reverse shell
...
Now the reverse shell supports the "cd" command and maintains persistence when an error is raised.
2021-04-02 16:36:58 -04:00
secnigma
059a866fd2
Added Netcat BusyBox
...
Some embedded systems like busybox won't have mkfifo present; instead, they will have mknod. This updated code can spawn reverse shell in systems that use mknod instead of mkfifo.
2021-04-01 13:27:20 +05:30
pswalia2u
209380740b
Update Reverse Shell Cheatsheet.md
...
Added new Bash TCP reverse shell
2021-03-28 18:58:07 +05:30
Swissky
0443babe35
Relay + MSSQL Read File
2021-03-25 18:25:02 +01:00
Swissky
f6b9d63bf8
DCOM exploitation and MSSQL CLR
2021-03-24 22:26:23 +01:00
Swissky
bd2166027e
GMSA Password + Dart Reverse Shell
2021-03-24 12:44:35 +01:00
cosmin-bianu
13d54a5c24
Fixed Java payload
...
- Declared variables
- Added semicolons at the end of each line
- Fixed the bash command
2021-03-12 13:20:15 +02:00
c14dd49h
ca28c69e67
Update Active Directory Attack.md
2021-02-26 14:14:10 +01:00