Commit Graph

473 Commits

Author SHA1 Message Date
clem9669
05a77e06fc
Update Active Directory Attack.md
Updating the scanner modules for PingCastle.exe
2022-01-26 13:13:11 +00:00
Alexandre ZANNI
a397a3d643
add revshellgen and merge to tools section 2022-01-22 23:08:25 +01:00
Alexandre ZANNI
a077ceab7c
add tools section 2022-01-22 22:57:37 +01:00
clem9669
76ec08cfb4
Update Active Directory Attack.md
Correcting typo
Removing dead website
Adjusting techniques
2022-01-18 22:52:58 +01:00
Swissky
f0085e158b
Removing potential DMCA material 2022-01-05 22:22:08 +01:00
clem9669
4642dd44fc
Update Hash Cracking.md
Hey 👋 
Updating content with more information and more accurate resources.
2022-01-05 18:25:31 +00:00
Swissky
dfe830d183 RODC - Read Only Domain Controller Compromise 2022-01-04 21:11:26 +01:00
Swissky
b5df6e1447 ESC6 - EDITF_ATTRIBUTESUBJECTALTNAME2 + Golden Certificate 2022-01-01 20:42:58 +01:00
Swissky
c9ef8f7f49 Graftcp Cheatsheet 2021-12-29 18:16:26 +01:00
Swissky
8411a0640d ESC4 - Access Control Vulnerabilities 2021-12-29 15:00:22 +01:00
Swissky
27768783ff Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings 2021-12-29 14:52:20 +01:00
Swissky
e3fb516747 MAQ + WEBDAV 2021-12-29 14:48:42 +01:00
Alexandre ZANNI
a430cfcc4e
update PowerGPOAbuse task command 2021-12-22 16:09:07 +01:00
Swissky
0d6d6049ce AD + Log4shell + Windows Startup 2021-12-16 09:52:51 +01:00
Swissky
5714b9c9d7 samAccountName spoofing + Java RMI 2021-12-13 20:42:31 +01:00
Swissky
10974722b1 BloodHound Custom Queries + MSSQL CLR 2021-12-12 23:04:35 +01:00
CravateRouge
8da5f36f85
Add alternatives for AD ACL abuse from Linux 2021-11-15 17:36:05 +01:00
Swissky
3366f5eaac
Merge pull request #445 from NirLevy98/reverse_shell_delete-unused-imports
Delete unused import
2021-11-07 21:16:37 +01:00
Swissky
7d9dd6806e Powershell Cheatsheet 2021-11-06 19:14:47 +01:00
Swissky
1c8067a150 Relaying with WebDav Trick + Shadow Credential 2021-10-30 21:04:23 +02:00
Swissky
e3373dd108 UnPAC The Hash + MachineKeys.txt 2021-10-26 21:56:39 +02:00
Swissky
1a3058f40c Device Code Phish 2021-10-24 20:07:46 +02:00
Nir
4207479cce Delete unused imports 2021-10-16 11:33:38 +03:00
Markus
6584df310f
Update Windows - Persistence.md
Add example to `disable windows defender` which uses MpCmdRun.exe to reset the current definitions. I recently used this and it was sufficient, that defender did not recognize previously flagged malicious files. It is quite helpful in case, that Set-MpPreference is not present or that the attacker is not allowed to adjust the service.
2021-10-14 08:53:25 +02:00
marcan2020
39a89e937a
Update breakout techniques
- Add a section on unassociated protocols
- Add paths to access filesystem via the address bar
- Fix Stick Keys link
- Fix Task Manager shortcut
- Add reference to HackTricks
2021-10-11 13:53:19 -04:00
Markus
d1345b0016
Update Hash Cracking Methodology
Add some structure to add additional tools.
Fix some typo.
Add online resources for cracking password hashes.
2021-10-11 17:08:46 +02:00
Swissky
883c35a9e5 Hash Cracking v0.1 2021-10-10 23:05:01 +02:00
p0dalirius
09b1b8984a Update Active Directory Attack.md 2021-10-06 09:05:49 +02:00
p0dalirius
8045496946 Update Active Directory Attack.md 2021-10-06 08:59:13 +02:00
p0dalirius
19b4bee7a0 Update Active Directory Attack.md 2021-10-06 08:54:16 +02:00
p0dalirius
e0b8bee5a6 Update Active Directory Attack.md 2021-10-06 08:45:44 +02:00
p0dalirius
25b6003229 Update Active Directory Attack.md 2021-10-06 08:29:59 +02:00
p0dalirius
ee53c960f0 Update Active Directory Attack.md 2021-10-06 08:24:51 +02:00
p0dalirius
6d816c6e4b Update Active Directory Attack.md 2021-10-06 08:23:07 +02:00
Podalirius
286b7c507e
Update Active Directory Attack.md 2021-10-06 08:15:51 +02:00
Swissky
000d1f9260
Merge pull request #426 from CravateRouge/patch-2
Add python check for ZeroLogon
2021-10-01 00:58:58 +02:00
CravateRouge
52d83bea5f
Add python check for ZeroLogon 2021-09-30 23:38:48 +02:00
CravateRouge
1cdd284f5b
Add Linux alternatives for GenericWrite abuse 2021-09-30 22:17:20 +02:00
Swissky
d2f63406cd IIS + Certi + NetNTLMv1 2021-09-16 17:45:29 +02:00
Swissky
3af70155e2 DCOM Exec Impacket 2021-09-07 14:48:57 +02:00
Swissky
23438cc68e Mitigation NTLMv1 2021-09-07 10:22:39 +02:00
Swissky
c8076e99c9 Net-NTLMv1 + DriverPrinter 2021-09-06 20:58:44 +02:00
Swissky
0f94adafe5 ESC2 + Windows Search Connectors - Windows Library Files 2021-09-01 14:10:53 +02:00
Swissky
f89597725a
Merge pull request #416 from Bort-Millipede/master
Expression Language Injection One-Liners; XSS Payload; Fixed Linux Py…
2021-08-25 22:17:53 +02:00
Swissky
69b99826d2 AD CS Attacks 2021-08-25 22:14:44 +02:00
Jeffrey Cap
9bde75b32d Expression Language Injection One-Liners; XSS Payload; Fixed Linux Python IPv6 Reverse Shell Payload 2021-08-23 14:41:40 -05:00
Swissky
fde99044c5 CS NTLM Relay 2021-08-22 23:03:02 +02:00
Swissky
87be30d3b2 DB2 Injection + ADCS 2021-08-10 23:00:19 +02:00
Swissky
7ab7664469
Merge pull request #399 from Bort-Millipede/master
New/Updated Python Linux Reverse Shells
2021-07-31 11:26:36 +02:00
Jeffrey Cap
37e69b6162 Revised Linux Python Reverse Shells; Added New Linux Python Reverse Shells 2021-07-26 20:55:49 -05:00
Swissky
d9d4a54d03 RemotePotato0 + HiveNightmare 2021-07-26 21:25:56 +02:00
M4x
9086ff9d03
add missing header file 2021-07-26 16:04:39 +08:00
Swissky
3a4bd97762 AD CS - Mimikatz / Rubeus 2021-07-25 11:40:19 +02:00
Swissky
44735975a5 Active Directory update 2021-07-12 20:45:16 +02:00
Swissky
175c676f1e Tmux PrivEsc + PrintNightmare update 2021-07-12 14:42:18 +02:00
Alexandre ZANNI
e2ff22b136
add CVE-2021-34527 + It Was All A Dream scanner 2021-07-08 10:40:01 +02:00
Swissky
2f8fc7bbb9 PrintNightmare - Mimikatz 2021-07-05 21:57:14 +02:00
Swissky
459f4c03fc Dependency Confusion + LDAP 2021-07-04 13:32:32 +02:00
Sean R. Abraham
1fcbd576fe
Fix typo in Linux - Persistence.md 2021-07-02 16:18:35 -06:00
Sameer Bhatt (debugger)
0b8293b135
Added Reverse Shell using Telnet
Added Reverse Shell using Telnet.
2021-07-01 20:29:56 +05:30
Swissky
80816aee31 PrintNightmare - #385 2021-07-01 14:40:03 +02:00
Swissky
4e95162dc3 BadPwdCount attribute + DNS 2021-06-28 22:08:06 +02:00
Swissky
ab0e487500 Cobalt Strike spunner + pivotnacci 2021-06-27 23:58:13 +02:00
leongross
e31de3dd6b
Update Subdomains Enumeration.md 2021-06-25 09:17:27 +02:00
Swissky
85a7ac8a76 Shadow Credentials + AD CS Relay + SSSD KCM 2021-06-24 15:26:05 +02:00
Swissky
a723a34449 PS Transcript + PPLdump.exe 2021-05-06 18:26:00 +02:00
soka
a4bdabea83 Add AWS DynamoDB enumeration 2021-04-30 21:44:21 +02:00
Swissky
1592756f9c
Merge pull request #348 from pswalia2u/patch-1
Update Reverse Shell Cheatsheet.md
2021-04-26 10:05:59 +02:00
Swissky
08b59f2856 AD update CME+DCOM 2021-04-21 22:27:07 +02:00
Ryan Montgomery
7ae038d919
Update Reverse Shell Cheatsheet.md
Added: Automatic Reverse Shell Generator
2021-04-18 10:50:41 -04:00
clem9669
7a564cb859
Update Linux - Privilege Escalation.md
Fixing Markdow URL typo in writable network-scripts section
2021-04-15 10:07:43 +00:00
Micah Van Deusen
f23de13d96
Added method to read gMSA 2021-04-10 10:58:05 -05:00
Ricardo
604618ed41
Improve Ruby reverse shell
Now the reverse shell supports the "cd" command and maintains persistence when an error is raised.
2021-04-02 16:36:58 -04:00
secnigma
059a866fd2
Added Netcat BusyBox
Some embedded systems like busybox won't have mkfifo present; instead, they will have mknod. This updated code can spawn reverse shell in systems that use mknod instead of mkfifo.
2021-04-01 13:27:20 +05:30
pswalia2u
209380740b
Update Reverse Shell Cheatsheet.md
Added new Bash TCP reverse shell
2021-03-28 18:58:07 +05:30
Swissky
0443babe35 Relay + MSSQL Read File 2021-03-25 18:25:02 +01:00
Swissky
f6b9d63bf8 DCOM exploitation and MSSQL CLR 2021-03-24 22:26:23 +01:00
Swissky
bd2166027e GMSA Password + Dart Reverse Shell 2021-03-24 12:44:35 +01:00
cosmin-bianu
13d54a5c24
Fixed Java payload
- Declared variables
- Added semicolons at the end of each line
- Fixed the bash command
2021-03-12 13:20:15 +02:00
c14dd49h
ca28c69e67
Update Active Directory Attack.md 2021-02-26 14:14:10 +01:00
Swissky
8d31b7240b Office Attacks 2021-02-21 20:17:57 +01:00
mpgn
d1c23c5863
Unload the service mimi 2021-02-17 12:21:16 +01:00
mpgn
9be371d793
add mimikatz command to protect a process again after removing the protection
fe4e984055/mimikatz/modules/kuhl_m_kernel.c (L99)
2021-02-17 12:15:47 +01:00
Valentín Blanco
73f6ab940c
Update Windows - Privilege Escalation.md
Adding WES-NG which is a great and updated replacement for Windows-Exploit-Suggester.
2021-02-10 15:52:41 +01:00
Jakub 'unknow' Mrugalski
9244fe0480
[typo] changed sshs_config to sshd_config 2021-02-05 12:24:49 +01:00
Swissky
092083af5c AD - Printer Bug + Account Lock 2021-01-29 22:10:22 +01:00
PinkDev1
93769768e2
Added EoP - $PATH Interception 2021-01-28 19:45:54 +00:00
Swissky
01aadf3a44 Alternate Data Stream 2021-01-13 10:22:59 +01:00
lanjelot
5cfa93f98b Add new cloudsplaining tool to AWS Pentest page 2021-01-12 22:59:37 +11:00
Swissky
3a6ac550b8 DSRM Admin 2021-01-08 23:41:50 +01:00
Tim Gates
7846225bfd
docs: fix simple typo, accound -> account
There is a small typo in Methodology and Resources/Active Directory Attack.md.

Should read `account` rather than `accound`.
2020-12-23 09:16:40 +11:00
Swissky
16b207eb0b LAPS Password 2020-12-20 21:45:41 +01:00
Swissky
67752de6e9 Bronze Bit Attack 2020-12-18 22:38:30 +01:00
lanjelot
e0c745cbf4 Fix AWS duplicated tool enumerate-iam 2020-12-18 22:52:21 +11:00
lanjelot
4b9baf37d3 Add dufflebag tool and cleanup 2020-12-18 22:45:07 +11:00
Swissky
f7e8f515a5 Application Escape and Breakout 2020-12-17 08:56:58 +01:00
lanjelot
4c18e29a6b Fix links and duplicated nmap and massscan examples 2020-12-13 04:50:59 +11:00
Swissky
73fdd6e218 Mimikatz - Elevate token with LSA protection 2020-12-09 23:33:40 +01:00
Swissky
19a2950b8d AMSI + Trust 2020-12-08 14:31:01 +01:00
Swissky
78cc68674b
Merge pull request #296 from brnhrd/patch-1
Fix table of contents
2020-12-07 17:21:02 +01:00
Swissky
f48ee0bca5 Deepce - Docker Enumeration, Escalation of Privileges and Container Escapes 2020-12-06 18:59:43 +01:00
Swissky
27050f6dd8 MSSQL Server Cheatsheet 2020-12-05 11:37:34 +01:00
Swissky
e13f152b74 AD - Recon 2020-12-02 18:43:13 +01:00
brnhrd
15e44bdfe6
Fix table of contents 2020-12-02 14:19:59 +01:00
lanjelot
bca107cc64 Move duplicated tool references into one place 2020-11-30 01:38:04 +11:00
lanjelot
10e6c075f7 Add tool nccgroup/s3_objects_check 2020-11-30 01:17:15 +11:00
Swissky
b918095775 AzureHound 2020-11-24 12:41:34 +01:00
Abass Sesay
95b07c9e3e
Sorted the list of revshell options
Miniscule change because it was grinding my grinding my gears that the list is not sorted :-)
2020-11-14 09:20:49 -08:00
Swissky
bd184487e5 NTLM Hashcat 2020-11-06 16:20:03 +01:00
Swissky
1137bfca8d Remote Desktop Services Shadowing 2020-10-30 21:10:00 +01:00
Gorgamite
f9389d708b
Added winPEAS to windows privilege escalation tool
WinPEAS is a really thorough privesc enumeration tool for windows, you can find it here: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe
It doesn't auto exploit, but it's rather thorough and effective.
2020-10-29 03:57:40 -07:00
Swissky
db533aabd4
Merge pull request #280 from Gorgamite/master
Added LinPEAS to Linux Privesc.
2020-10-29 11:56:44 +01:00
Gorgamite
ff3b45e0b7
Added LinPEAS to Linux Privesc.
I very strongly recommend adding LinPEAS to the enumeration tools. LinPEAS is arguably the best linux privesc enumeration tool out there. If you haven't used it, I'd try it out. It highlights all relevant information with color coded text, and you can pass it parameters to control the thoroughness of the scan. You should add WinPEAS for windows privesc as well.
2020-10-29 03:50:05 -07:00
Gorgamite
1b69a3ef73
Update Linux - Privilege Escalation.md 2020-10-29 03:22:08 -07:00
Vincent Gilles
0b90094002 Fix(Docs): Correcting typos on the repo 2020-10-17 22:52:35 +02:00
marcan2020
693349da56
Add Python bind shell 2020-10-17 14:52:36 -04:00
Swissky
5a1ae58a59 Sticky Notes Windows + Cobalt SMB 2020-10-16 11:35:15 +02:00
Swissky
3368084b2d CS Beacon - SMB Error Code 2020-10-15 17:22:00 +02:00
Swissky
b32f4754d7 Keytab + schtasks 2020-10-15 12:35:05 +02:00
Swissky
913f2d2381
Merge pull request #253 from yoavbls/add-cloudflared
Use cloudflared to expose internal services
2020-10-09 10:34:26 +02:00
Swissky
0f098c8a2c
Merge pull request #251 from ritiksahni/patch-1
Removed broken link
2020-10-09 10:33:43 +02:00
Swissky
c9be68f0a1 Privilege File Write - Update 2020-10-08 16:51:11 +02:00
Swissky
0df0cc9cf8 Privileged File Write 2020-10-08 16:39:25 +02:00
Swissky
52b0cd6030 Ligolo Reverse Tunneling 2020-10-08 11:23:12 +02:00
YoavB
dbddc717af Use cloudflared to expose internal service 2020-10-03 22:34:28 +03:00
ritiksahni
7e0e06682b
Removed broken link
bitrot.sh domain is expired and hence the link in the markdown file was broken.
2020-10-03 00:25:36 +05:30
@cnagy
50c12f2e71
Added cURL command for Wayback Machine querying 2020-10-02 15:26:57 +00:00
@cnagy
ec1f89fbe6
Updated Responder link and added InveighZero 2020-10-02 04:39:09 +00:00
Swissky
837d2641b7 Persistence - Scheduled Tasks 2020-09-30 11:46:04 +02:00
Swissky
6c1a6c41aa Docker - Kernel Module 2020-09-27 13:53:13 +02:00
Swissky
0cee482b32
Merge pull request #239 from zero77/patch-1
Update Linux - Persistence.md
2020-09-23 17:30:32 +02:00
Swissky
229502c497
Update Linux - Persistence.md 2020-09-23 17:29:34 +02:00
Swissky
1a0e31a05e Zero Logon - Restore pwd 2020-09-18 21:21:55 +02:00
Swissky
f4ef56fca0 Mimikatz Zerologon + reset pwd 2020-09-17 14:05:54 +02:00
Swissky
62678c26ce .NET Zero Logon 2020-09-16 14:31:59 +02:00
Swissky
14586e4d7a ZeroLogon via Mimikatz 2020-09-16 14:13:40 +02:00
Swissky
e79918bdc2 CVE-2020-1472 Unauthenticated domain controller compromise 2020-09-14 23:06:09 +02:00
Swissky
bcd700c951 AWS API calls that return credentials - kmcquade 2020-09-06 17:11:30 +02:00
zero77
f1d55a132a
Update Linux - Persistence.md 2020-09-02 09:43:25 +00:00
Swissky
cc95f4e386 AD - Forest to Forest compromise 2020-08-18 09:33:38 +02:00
Justin Perdok
f11c45650b
Update Active Directory Attack.md 2020-08-17 13:18:30 +00:00
Justin Perdok
1284715128
Update Active Directory Attack.md 2020-08-17 13:15:33 +00:00
Justin Perdok
6f3f2239fa
GenericWrite and Remote Connection Manager
Added content from https://sensepost.com/blog/2020/ace-to-rce/
2020-08-17 13:00:04 +00:00
Swissky
33129f2b4c Silver Ticket with services list 2020-08-09 19:25:03 +02:00
Swissky
c7e3ea005e Powershell Remoting 2020-08-09 12:15:56 +02:00
Swissky
767eb04af6 Persistence - Typo 2020-07-21 19:48:57 +02:00
Swissky
ca9326b5fc Driver Privilege Escalation 2020-07-13 15:00:36 +02:00
Swissky
dd40ddd233 XSS summary subentries + GraphTCP 2020-07-12 14:44:33 +02:00
Artiom Mocrenco
62443a3753
fix typo 2020-07-08 18:01:12 +03:00
Artiom Mocrenco
2d7d6d6eed
Add TLS-PSK OpenSSL reverse shell method 2020-07-08 17:01:38 +03:00