Swissky
fde99044c5
CS NTLM Relay
2021-08-22 23:03:02 +02:00
Swissky
87be30d3b2
DB2 Injection + ADCS
2021-08-10 23:00:19 +02:00
Swissky
7ab7664469
Merge pull request #399 from Bort-Millipede/master
...
New/Updated Python Linux Reverse Shells
2021-07-31 11:26:36 +02:00
Jeffrey Cap
37e69b6162
Revised Linux Python Reverse Shells; Added New Linux Python Reverse Shells
2021-07-26 20:55:49 -05:00
Swissky
d9d4a54d03
RemotePotato0 + HiveNightmare
2021-07-26 21:25:56 +02:00
M4x
9086ff9d03
add missing header file
2021-07-26 16:04:39 +08:00
Swissky
3a4bd97762
AD CS - Mimikatz / Rubeus
2021-07-25 11:40:19 +02:00
Swissky
44735975a5
Active Directory update
2021-07-12 20:45:16 +02:00
Swissky
175c676f1e
Tmux PrivEsc + PrintNightmare update
2021-07-12 14:42:18 +02:00
Alexandre ZANNI
e2ff22b136
add CVE-2021-34527 + It Was All A Dream scanner
2021-07-08 10:40:01 +02:00
Swissky
2f8fc7bbb9
PrintNightmare - Mimikatz
2021-07-05 21:57:14 +02:00
Swissky
459f4c03fc
Dependency Confusion + LDAP
2021-07-04 13:32:32 +02:00
Sean R. Abraham
1fcbd576fe
Fix typo in Linux - Persistence.md
2021-07-02 16:18:35 -06:00
Sameer Bhatt (debugger)
0b8293b135
Added Reverse Shell using Telnet
...
Added Reverse Shell using Telnet.
2021-07-01 20:29:56 +05:30
Swissky
80816aee31
PrintNightmare - #385
2021-07-01 14:40:03 +02:00
Swissky
4e95162dc3
BadPwdCount attribute + DNS
2021-06-28 22:08:06 +02:00
Swissky
ab0e487500
Cobalt Strike spunner + pivotnacci
2021-06-27 23:58:13 +02:00
leongross
e31de3dd6b
Update Subdomains Enumeration.md
2021-06-25 09:17:27 +02:00
Swissky
85a7ac8a76
Shadow Credentials + AD CS Relay + SSSD KCM
2021-06-24 15:26:05 +02:00
Swissky
a723a34449
PS Transcript + PPLdump.exe
2021-05-06 18:26:00 +02:00
soka
a4bdabea83
Add AWS DynamoDB enumeration
2021-04-30 21:44:21 +02:00
Swissky
1592756f9c
Merge pull request #348 from pswalia2u/patch-1
...
Update Reverse Shell Cheatsheet.md
2021-04-26 10:05:59 +02:00
Swissky
08b59f2856
AD update CME+DCOM
2021-04-21 22:27:07 +02:00
Ryan Montgomery
7ae038d919
Update Reverse Shell Cheatsheet.md
...
Added: Automatic Reverse Shell Generator
2021-04-18 10:50:41 -04:00
clem9669
7a564cb859
Update Linux - Privilege Escalation.md
...
Fixing Markdow URL typo in writable network-scripts section
2021-04-15 10:07:43 +00:00
Micah Van Deusen
f23de13d96
Added method to read gMSA
2021-04-10 10:58:05 -05:00
Ricardo
604618ed41
Improve Ruby reverse shell
...
Now the reverse shell supports the "cd" command and maintains persistence when an error is raised.
2021-04-02 16:36:58 -04:00
secnigma
059a866fd2
Added Netcat BusyBox
...
Some embedded systems like busybox won't have mkfifo present; instead, they will have mknod. This updated code can spawn reverse shell in systems that use mknod instead of mkfifo.
2021-04-01 13:27:20 +05:30
pswalia2u
209380740b
Update Reverse Shell Cheatsheet.md
...
Added new Bash TCP reverse shell
2021-03-28 18:58:07 +05:30
Swissky
0443babe35
Relay + MSSQL Read File
2021-03-25 18:25:02 +01:00
Swissky
f6b9d63bf8
DCOM exploitation and MSSQL CLR
2021-03-24 22:26:23 +01:00
Swissky
bd2166027e
GMSA Password + Dart Reverse Shell
2021-03-24 12:44:35 +01:00
cosmin-bianu
13d54a5c24
Fixed Java payload
...
- Declared variables
- Added semicolons at the end of each line
- Fixed the bash command
2021-03-12 13:20:15 +02:00
c14dd49h
ca28c69e67
Update Active Directory Attack.md
2021-02-26 14:14:10 +01:00
Swissky
8d31b7240b
Office Attacks
2021-02-21 20:17:57 +01:00
mpgn
d1c23c5863
Unload the service mimi
2021-02-17 12:21:16 +01:00
mpgn
9be371d793
add mimikatz command to protect a process again after removing the protection
...
fe4e984055/mimikatz/modules/kuhl_m_kernel.c (L99)
2021-02-17 12:15:47 +01:00
Valentín Blanco
73f6ab940c
Update Windows - Privilege Escalation.md
...
Adding WES-NG which is a great and updated replacement for Windows-Exploit-Suggester.
2021-02-10 15:52:41 +01:00
Jakub 'unknow' Mrugalski
9244fe0480
[typo] changed sshs_config to sshd_config
2021-02-05 12:24:49 +01:00
Swissky
092083af5c
AD - Printer Bug + Account Lock
2021-01-29 22:10:22 +01:00
PinkDev1
93769768e2
Added EoP - $PATH Interception
2021-01-28 19:45:54 +00:00
Swissky
01aadf3a44
Alternate Data Stream
2021-01-13 10:22:59 +01:00
lanjelot
5cfa93f98b
Add new cloudsplaining tool to AWS Pentest page
2021-01-12 22:59:37 +11:00
Swissky
3a6ac550b8
DSRM Admin
2021-01-08 23:41:50 +01:00
Tim Gates
7846225bfd
docs: fix simple typo, accound -> account
...
There is a small typo in Methodology and Resources/Active Directory Attack.md.
Should read `account` rather than `accound`.
2020-12-23 09:16:40 +11:00
Swissky
16b207eb0b
LAPS Password
2020-12-20 21:45:41 +01:00
Swissky
67752de6e9
Bronze Bit Attack
2020-12-18 22:38:30 +01:00
lanjelot
e0c745cbf4
Fix AWS duplicated tool enumerate-iam
2020-12-18 22:52:21 +11:00
lanjelot
4b9baf37d3
Add dufflebag tool and cleanup
2020-12-18 22:45:07 +11:00
Swissky
f7e8f515a5
Application Escape and Breakout
2020-12-17 08:56:58 +01:00
lanjelot
4c18e29a6b
Fix links and duplicated nmap and massscan examples
2020-12-13 04:50:59 +11:00
Swissky
73fdd6e218
Mimikatz - Elevate token with LSA protection
2020-12-09 23:33:40 +01:00
Swissky
19a2950b8d
AMSI + Trust
2020-12-08 14:31:01 +01:00
Swissky
78cc68674b
Merge pull request #296 from brnhrd/patch-1
...
Fix table of contents
2020-12-07 17:21:02 +01:00
Swissky
f48ee0bca5
Deepce - Docker Enumeration, Escalation of Privileges and Container Escapes
2020-12-06 18:59:43 +01:00
Swissky
27050f6dd8
MSSQL Server Cheatsheet
2020-12-05 11:37:34 +01:00
Swissky
e13f152b74
AD - Recon
2020-12-02 18:43:13 +01:00
brnhrd
15e44bdfe6
Fix table of contents
2020-12-02 14:19:59 +01:00
lanjelot
bca107cc64
Move duplicated tool references into one place
2020-11-30 01:38:04 +11:00
lanjelot
10e6c075f7
Add tool nccgroup/s3_objects_check
2020-11-30 01:17:15 +11:00
Swissky
b918095775
AzureHound
2020-11-24 12:41:34 +01:00
Abass Sesay
95b07c9e3e
Sorted the list of revshell options
...
Miniscule change because it was grinding my grinding my gears that the list is not sorted :-)
2020-11-14 09:20:49 -08:00
Swissky
bd184487e5
NTLM Hashcat
2020-11-06 16:20:03 +01:00
Swissky
1137bfca8d
Remote Desktop Services Shadowing
2020-10-30 21:10:00 +01:00
Gorgamite
f9389d708b
Added winPEAS to windows privilege escalation tool
...
WinPEAS is a really thorough privesc enumeration tool for windows, you can find it here: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe
It doesn't auto exploit, but it's rather thorough and effective.
2020-10-29 03:57:40 -07:00
Swissky
db533aabd4
Merge pull request #280 from Gorgamite/master
...
Added LinPEAS to Linux Privesc.
2020-10-29 11:56:44 +01:00
Gorgamite
ff3b45e0b7
Added LinPEAS to Linux Privesc.
...
I very strongly recommend adding LinPEAS to the enumeration tools. LinPEAS is arguably the best linux privesc enumeration tool out there. If you haven't used it, I'd try it out. It highlights all relevant information with color coded text, and you can pass it parameters to control the thoroughness of the scan. You should add WinPEAS for windows privesc as well.
2020-10-29 03:50:05 -07:00
Gorgamite
1b69a3ef73
Update Linux - Privilege Escalation.md
2020-10-29 03:22:08 -07:00
Vincent Gilles
0b90094002
Fix(Docs): Correcting typos on the repo
2020-10-17 22:52:35 +02:00
marcan2020
693349da56
Add Python bind shell
2020-10-17 14:52:36 -04:00
Swissky
5a1ae58a59
Sticky Notes Windows + Cobalt SMB
2020-10-16 11:35:15 +02:00
Swissky
3368084b2d
CS Beacon - SMB Error Code
2020-10-15 17:22:00 +02:00
Swissky
b32f4754d7
Keytab + schtasks
2020-10-15 12:35:05 +02:00
Swissky
913f2d2381
Merge pull request #253 from yoavbls/add-cloudflared
...
Use cloudflared to expose internal services
2020-10-09 10:34:26 +02:00
Swissky
0f098c8a2c
Merge pull request #251 from ritiksahni/patch-1
...
Removed broken link
2020-10-09 10:33:43 +02:00
Swissky
c9be68f0a1
Privilege File Write - Update
2020-10-08 16:51:11 +02:00
Swissky
0df0cc9cf8
Privileged File Write
2020-10-08 16:39:25 +02:00
Swissky
52b0cd6030
Ligolo Reverse Tunneling
2020-10-08 11:23:12 +02:00
YoavB
dbddc717af
Use cloudflared to expose internal service
2020-10-03 22:34:28 +03:00
ritiksahni
7e0e06682b
Removed broken link
...
bitrot.sh domain is expired and hence the link in the markdown file was broken.
2020-10-03 00:25:36 +05:30
@cnagy
50c12f2e71
Added cURL command for Wayback Machine querying
2020-10-02 15:26:57 +00:00
@cnagy
ec1f89fbe6
Updated Responder link and added InveighZero
2020-10-02 04:39:09 +00:00
Swissky
837d2641b7
Persistence - Scheduled Tasks
2020-09-30 11:46:04 +02:00
Swissky
6c1a6c41aa
Docker - Kernel Module
2020-09-27 13:53:13 +02:00
Swissky
0cee482b32
Merge pull request #239 from zero77/patch-1
...
Update Linux - Persistence.md
2020-09-23 17:30:32 +02:00
Swissky
229502c497
Update Linux - Persistence.md
2020-09-23 17:29:34 +02:00
Swissky
1a0e31a05e
Zero Logon - Restore pwd
2020-09-18 21:21:55 +02:00
Swissky
f4ef56fca0
Mimikatz Zerologon + reset pwd
2020-09-17 14:05:54 +02:00
Swissky
62678c26ce
.NET Zero Logon
2020-09-16 14:31:59 +02:00
Swissky
14586e4d7a
ZeroLogon via Mimikatz
2020-09-16 14:13:40 +02:00
Swissky
e79918bdc2
CVE-2020-1472 Unauthenticated domain controller compromise
2020-09-14 23:06:09 +02:00
Swissky
bcd700c951
AWS API calls that return credentials - kmcquade
2020-09-06 17:11:30 +02:00
zero77
f1d55a132a
Update Linux - Persistence.md
2020-09-02 09:43:25 +00:00
Swissky
cc95f4e386
AD - Forest to Forest compromise
2020-08-18 09:33:38 +02:00
Justin Perdok
f11c45650b
Update Active Directory Attack.md
2020-08-17 13:18:30 +00:00
Justin Perdok
1284715128
Update Active Directory Attack.md
2020-08-17 13:15:33 +00:00
Justin Perdok
6f3f2239fa
GenericWrite and Remote Connection Manager
...
Added content from https://sensepost.com/blog/2020/ace-to-rce/
2020-08-17 13:00:04 +00:00
Swissky
33129f2b4c
Silver Ticket with services list
2020-08-09 19:25:03 +02:00
Swissky
c7e3ea005e
Powershell Remoting
2020-08-09 12:15:56 +02:00
Swissky
767eb04af6
Persistence - Typo
2020-07-21 19:48:57 +02:00
Swissky
ca9326b5fc
Driver Privilege Escalation
2020-07-13 15:00:36 +02:00
Swissky
dd40ddd233
XSS summary subentries + GraphTCP
2020-07-12 14:44:33 +02:00
Artiom Mocrenco
62443a3753
fix typo
2020-07-08 18:01:12 +03:00
Artiom Mocrenco
2d7d6d6eed
Add TLS-PSK OpenSSL reverse shell method
2020-07-08 17:01:38 +03:00
Swissky
5b1a79cb56
Docker device file breakout
2020-07-04 19:00:56 +02:00
Swissky
ecf29c2cbe
Active Directory - Mitigations
2020-06-18 11:55:48 +02:00
Swissky
71ddb449ce
Windows Persistence
2020-06-01 21:37:32 +02:00
Swissky
5323ceb37c
SUDO CVE + Windows Drivers PrivEsc
2020-05-28 11:19:16 +02:00
Swissky
4ca5e71c2f
Bind shell cheatsheet ( Fix #194 )
2020-05-24 14:09:46 +02:00
Swissky
c1731041b5
Misc & Tricks Page + AMSI + Defender
2020-05-16 13:22:55 +02:00
Swissky
eb074393df
Windows Persistence - Binary replacing
2020-05-13 23:07:39 +02:00
Swissky
a65fdbb568
XSW 4 Fix #205
2020-05-12 14:27:25 +02:00
Swissky
e95a4aeac0
MSOL AD Spray
2020-05-11 17:08:03 +02:00
Swissky
3ed2b28e59
Add user /Y + GPO Powerview
2020-05-10 23:16:29 +02:00
Swissky
7f1c150edd
Mimikatz Summary
2020-05-10 16:17:10 +02:00
joker2a
32b83da302
Update Linux - Privilege Escalation.md
...
Add new privesc for (Centos/Redhat)
Writable /etc/sysconfig/network-scripts/
2020-05-04 11:44:24 +02:00
guanicoe
1fc8b57c85
Update Windows - Privilege Escalation.md
...
added Get-Process to list processes
2020-05-03 21:11:01 +00:00
Swissky
5163ef902c
XSS Google Scholar Payload + Skeleton Key Persistence
2020-05-03 16:28:17 +02:00
Swissky
04899355ad
Magic Hashes + SQL fuzz
2020-04-26 21:43:42 +02:00
Th1b4ud
7c8e9ac4ce
Typo
2020-04-22 16:01:49 +02:00
Th1b4ud
14d03b96a1
Linux privesc - SSH Key Predictable PRNG (Authorized_Keys) Process - Summary
2020-04-22 16:00:31 +02:00
Th1b4ud
2e507a2b2f
Linux privesc - SSH Key Predictable PRNG (Authorized_Keys) Process
2020-04-22 15:55:10 +02:00
Th1b4ud
2740600a6b
Alternative TTY method with /usr/bin/script
2020-04-21 19:21:51 +02:00
Swissky
89f906f7a8
Fix issue - C reverse shell
2020-04-21 11:17:39 +02:00
Swissky
af6760ef7a
RoadRecon + JSON None refs
2020-04-17 16:34:51 +02:00
Th1b4ud
29194a8ef1
Add others shell on reverse shell cheatsheet
...
Add others shell on reverse shell cheatsheet
2020-04-13 19:06:01 +02:00
Swissky
6e7af5a267
Docker Registry - Pull/Download
2020-04-04 18:27:41 +02:00
M4x
1d299f55c9
Delete unnecessary escape characters
...
`whoami` has already been wrapped in backquotes. There is no need to user escape characters again
2020-03-29 23:40:39 +08:00
Swissky
be8f32b586
Docker escape and exploit
2020-03-29 16:48:09 +02:00
Swissky
95ab07b45e
CloudTrail disable, GraphQL tool
2020-03-28 12:01:56 +01:00
guenicoe
a3cc577ebd
added cmd on the USOSVC vuln
...
Added `cmd \c C:\Users\nc.exe` as not typing `cmd \c` did not work for me. Might need even more explanation
2020-03-24 20:15:59 +00:00
PixeL
1b190939c4
Remove example from win priv esc
...
This example was used on hackthebox where it leaked the root flag of a machine on free servers.
This resulted in every user being able to get the root flag before they have even completed the box which isn't fair to others.
This example should either be changed or removed completely to combat copy-pasting without knowing what you're doing.
2020-03-23 17:17:42 -05:00
Fanis Katsimpas
2bdbb2dbc5
Update Windows - Privilege Escalation.md
...
Make powershell on EoP - Runas easier to copy paste
2020-03-22 19:25:35 +00:00
Swissky
1538ccd7f2
Gaining AWS Console Access via API Keys
2020-03-19 11:59:49 +01:00
Swissky
1f3a94ba88
AWS SSM + Shadow copy attack
2020-03-06 15:30:38 +01:00
Swissky
5d87804f71
AWS EC2 Instance Connect + Lambda + SSM
2020-03-06 13:33:14 +01:00
Swissky
c19e36ad34
Azure AD Connect - MSOL Account's password and DCSync
2020-03-01 17:06:31 +01:00
Swissky
71a307a86b
AWS - EC2 copy image
2020-02-29 12:56:00 +01:00
Swissky
74f2dfccca
Kerberos Constrained Delegation
2020-02-23 21:20:46 +01:00
Swissky
c5ac4e9eff
AWS Patterns
2020-02-23 20:58:53 +01:00
Swissky
915946a343
Fix Cloud Training
2020-02-21 10:50:43 +01:00
Swissky
bda7100a77
Fix Cloud references
2020-02-21 10:47:16 +01:00
Swissky
984078050b
Cloud - Pentest with AWS and Azure
2020-02-21 10:36:01 +01:00
Swissky
7f0650dfc0
IIS Raid Persistence
2020-02-20 16:51:22 +01:00
Swissky
ba30618a8b
Cobalt Strike - Artifact
2020-02-14 17:10:00 +01:00
Swissky
7cd49769be
WMI + Cobalt Strike
2020-02-13 22:53:45 +01:00
Sameer Bhatt (debugger)
994e557178
Added more TTY Shell using perl and python
2020-02-09 12:46:18 +05:30
Swissky
aba6874517
Maps API + secretsdump enabled user/pw last set + certutil mimikatz
2020-02-06 21:41:29 +01:00
socketz
056161fd9f
Updated Java & Groovy Shells
...
Added threaded shells and alternative pure Java reverse shell
2020-02-06 15:43:58 +01:00
antonioCoco
50a376337d
Update Reverse Shell Cheatsheet.md
2020-02-05 23:29:43 +01:00