Commit Graph

547 Commits

Author SHA1 Message Date
Swissky
f6b9d63bf8 DCOM exploitation and MSSQL CLR 2021-03-24 22:26:23 +01:00
Swissky
bd2166027e GMSA Password + Dart Reverse Shell 2021-03-24 12:44:35 +01:00
cosmin-bianu
13d54a5c24
Fixed Java payload
- Declared variables
- Added semicolons at the end of each line
- Fixed the bash command
2021-03-12 13:20:15 +02:00
c14dd49h
ca28c69e67
Update Active Directory Attack.md 2021-02-26 14:14:10 +01:00
Swissky
8d31b7240b Office Attacks 2021-02-21 20:17:57 +01:00
mpgn
d1c23c5863
Unload the service mimi 2021-02-17 12:21:16 +01:00
mpgn
9be371d793
add mimikatz command to protect a process again after removing the protection
fe4e984055/mimikatz/modules/kuhl_m_kernel.c (L99)
2021-02-17 12:15:47 +01:00
Valentín Blanco
73f6ab940c
Update Windows - Privilege Escalation.md
Adding WES-NG which is a great and updated replacement for Windows-Exploit-Suggester.
2021-02-10 15:52:41 +01:00
Jakub 'unknow' Mrugalski
9244fe0480
[typo] changed sshs_config to sshd_config 2021-02-05 12:24:49 +01:00
Swissky
092083af5c AD - Printer Bug + Account Lock 2021-01-29 22:10:22 +01:00
PinkDev1
93769768e2
Added EoP - $PATH Interception 2021-01-28 19:45:54 +00:00
Swissky
01aadf3a44 Alternate Data Stream 2021-01-13 10:22:59 +01:00
lanjelot
5cfa93f98b Add new cloudsplaining tool to AWS Pentest page 2021-01-12 22:59:37 +11:00
Swissky
3a6ac550b8 DSRM Admin 2021-01-08 23:41:50 +01:00
Tim Gates
7846225bfd
docs: fix simple typo, accound -> account
There is a small typo in Methodology and Resources/Active Directory Attack.md.

Should read `account` rather than `accound`.
2020-12-23 09:16:40 +11:00
Swissky
16b207eb0b LAPS Password 2020-12-20 21:45:41 +01:00
Swissky
67752de6e9 Bronze Bit Attack 2020-12-18 22:38:30 +01:00
lanjelot
e0c745cbf4 Fix AWS duplicated tool enumerate-iam 2020-12-18 22:52:21 +11:00
lanjelot
4b9baf37d3 Add dufflebag tool and cleanup 2020-12-18 22:45:07 +11:00
Swissky
f7e8f515a5 Application Escape and Breakout 2020-12-17 08:56:58 +01:00
lanjelot
4c18e29a6b Fix links and duplicated nmap and massscan examples 2020-12-13 04:50:59 +11:00
Swissky
73fdd6e218 Mimikatz - Elevate token with LSA protection 2020-12-09 23:33:40 +01:00
Swissky
19a2950b8d AMSI + Trust 2020-12-08 14:31:01 +01:00
Swissky
78cc68674b
Merge pull request #296 from brnhrd/patch-1
Fix table of contents
2020-12-07 17:21:02 +01:00
Swissky
f48ee0bca5 Deepce - Docker Enumeration, Escalation of Privileges and Container Escapes 2020-12-06 18:59:43 +01:00
Swissky
27050f6dd8 MSSQL Server Cheatsheet 2020-12-05 11:37:34 +01:00
Swissky
e13f152b74 AD - Recon 2020-12-02 18:43:13 +01:00
brnhrd
15e44bdfe6
Fix table of contents 2020-12-02 14:19:59 +01:00
lanjelot
bca107cc64 Move duplicated tool references into one place 2020-11-30 01:38:04 +11:00
lanjelot
10e6c075f7 Add tool nccgroup/s3_objects_check 2020-11-30 01:17:15 +11:00
Swissky
b918095775 AzureHound 2020-11-24 12:41:34 +01:00
Abass Sesay
95b07c9e3e
Sorted the list of revshell options
Miniscule change because it was grinding my grinding my gears that the list is not sorted :-)
2020-11-14 09:20:49 -08:00
Swissky
bd184487e5 NTLM Hashcat 2020-11-06 16:20:03 +01:00
Swissky
1137bfca8d Remote Desktop Services Shadowing 2020-10-30 21:10:00 +01:00
Gorgamite
f9389d708b
Added winPEAS to windows privilege escalation tool
WinPEAS is a really thorough privesc enumeration tool for windows, you can find it here: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe
It doesn't auto exploit, but it's rather thorough and effective.
2020-10-29 03:57:40 -07:00
Swissky
db533aabd4
Merge pull request #280 from Gorgamite/master
Added LinPEAS to Linux Privesc.
2020-10-29 11:56:44 +01:00
Gorgamite
ff3b45e0b7
Added LinPEAS to Linux Privesc.
I very strongly recommend adding LinPEAS to the enumeration tools. LinPEAS is arguably the best linux privesc enumeration tool out there. If you haven't used it, I'd try it out. It highlights all relevant information with color coded text, and you can pass it parameters to control the thoroughness of the scan. You should add WinPEAS for windows privesc as well.
2020-10-29 03:50:05 -07:00
Gorgamite
1b69a3ef73
Update Linux - Privilege Escalation.md 2020-10-29 03:22:08 -07:00
Vincent Gilles
0b90094002 Fix(Docs): Correcting typos on the repo 2020-10-17 22:52:35 +02:00
marcan2020
693349da56
Add Python bind shell 2020-10-17 14:52:36 -04:00
Swissky
5a1ae58a59 Sticky Notes Windows + Cobalt SMB 2020-10-16 11:35:15 +02:00
Swissky
3368084b2d CS Beacon - SMB Error Code 2020-10-15 17:22:00 +02:00
Swissky
b32f4754d7 Keytab + schtasks 2020-10-15 12:35:05 +02:00
Swissky
913f2d2381
Merge pull request #253 from yoavbls/add-cloudflared
Use cloudflared to expose internal services
2020-10-09 10:34:26 +02:00
Swissky
0f098c8a2c
Merge pull request #251 from ritiksahni/patch-1
Removed broken link
2020-10-09 10:33:43 +02:00
Swissky
c9be68f0a1 Privilege File Write - Update 2020-10-08 16:51:11 +02:00
Swissky
0df0cc9cf8 Privileged File Write 2020-10-08 16:39:25 +02:00
Swissky
52b0cd6030 Ligolo Reverse Tunneling 2020-10-08 11:23:12 +02:00
YoavB
dbddc717af Use cloudflared to expose internal service 2020-10-03 22:34:28 +03:00
ritiksahni
7e0e06682b
Removed broken link
bitrot.sh domain is expired and hence the link in the markdown file was broken.
2020-10-03 00:25:36 +05:30
@cnagy
50c12f2e71
Added cURL command for Wayback Machine querying 2020-10-02 15:26:57 +00:00
@cnagy
ec1f89fbe6
Updated Responder link and added InveighZero 2020-10-02 04:39:09 +00:00
Swissky
837d2641b7 Persistence - Scheduled Tasks 2020-09-30 11:46:04 +02:00
Swissky
6c1a6c41aa Docker - Kernel Module 2020-09-27 13:53:13 +02:00
Swissky
0cee482b32
Merge pull request #239 from zero77/patch-1
Update Linux - Persistence.md
2020-09-23 17:30:32 +02:00
Swissky
229502c497
Update Linux - Persistence.md 2020-09-23 17:29:34 +02:00
Swissky
1a0e31a05e Zero Logon - Restore pwd 2020-09-18 21:21:55 +02:00
Swissky
f4ef56fca0 Mimikatz Zerologon + reset pwd 2020-09-17 14:05:54 +02:00
Swissky
62678c26ce .NET Zero Logon 2020-09-16 14:31:59 +02:00
Swissky
14586e4d7a ZeroLogon via Mimikatz 2020-09-16 14:13:40 +02:00
Swissky
e79918bdc2 CVE-2020-1472 Unauthenticated domain controller compromise 2020-09-14 23:06:09 +02:00
Swissky
bcd700c951 AWS API calls that return credentials - kmcquade 2020-09-06 17:11:30 +02:00
zero77
f1d55a132a
Update Linux - Persistence.md 2020-09-02 09:43:25 +00:00
Swissky
cc95f4e386 AD - Forest to Forest compromise 2020-08-18 09:33:38 +02:00
Justin Perdok
f11c45650b
Update Active Directory Attack.md 2020-08-17 13:18:30 +00:00
Justin Perdok
1284715128
Update Active Directory Attack.md 2020-08-17 13:15:33 +00:00
Justin Perdok
6f3f2239fa
GenericWrite and Remote Connection Manager
Added content from https://sensepost.com/blog/2020/ace-to-rce/
2020-08-17 13:00:04 +00:00
Swissky
33129f2b4c Silver Ticket with services list 2020-08-09 19:25:03 +02:00
Swissky
c7e3ea005e Powershell Remoting 2020-08-09 12:15:56 +02:00
Swissky
767eb04af6 Persistence - Typo 2020-07-21 19:48:57 +02:00
Swissky
ca9326b5fc Driver Privilege Escalation 2020-07-13 15:00:36 +02:00
Swissky
dd40ddd233 XSS summary subentries + GraphTCP 2020-07-12 14:44:33 +02:00
Artiom Mocrenco
62443a3753
fix typo 2020-07-08 18:01:12 +03:00
Artiom Mocrenco
2d7d6d6eed
Add TLS-PSK OpenSSL reverse shell method 2020-07-08 17:01:38 +03:00
Swissky
5b1a79cb56 Docker device file breakout 2020-07-04 19:00:56 +02:00
Swissky
ecf29c2cbe Active Directory - Mitigations 2020-06-18 11:55:48 +02:00
Swissky
71ddb449ce Windows Persistence 2020-06-01 21:37:32 +02:00
Swissky
5323ceb37c SUDO CVE + Windows Drivers PrivEsc 2020-05-28 11:19:16 +02:00
Swissky
4ca5e71c2f Bind shell cheatsheet (Fix #194) 2020-05-24 14:09:46 +02:00
Swissky
c1731041b5 Misc & Tricks Page + AMSI + Defender 2020-05-16 13:22:55 +02:00
Swissky
eb074393df Windows Persistence - Binary replacing 2020-05-13 23:07:39 +02:00
Swissky
a65fdbb568 XSW 4 Fix #205 2020-05-12 14:27:25 +02:00
Swissky
e95a4aeac0 MSOL AD Spray 2020-05-11 17:08:03 +02:00
Swissky
3ed2b28e59 Add user /Y + GPO Powerview 2020-05-10 23:16:29 +02:00
Swissky
7f1c150edd Mimikatz Summary 2020-05-10 16:17:10 +02:00
joker2a
32b83da302
Update Linux - Privilege Escalation.md
Add new privesc for (Centos/Redhat)
Writable /etc/sysconfig/network-scripts/
2020-05-04 11:44:24 +02:00
guanicoe
1fc8b57c85
Update Windows - Privilege Escalation.md
added Get-Process to list processes
2020-05-03 21:11:01 +00:00
Swissky
5163ef902c XSS Google Scholar Payload + Skeleton Key Persistence 2020-05-03 16:28:17 +02:00
Swissky
04899355ad Magic Hashes + SQL fuzz 2020-04-26 21:43:42 +02:00
Th1b4ud
7c8e9ac4ce Typo 2020-04-22 16:01:49 +02:00
Th1b4ud
14d03b96a1 Linux privesc - SSH Key Predictable PRNG (Authorized_Keys) Process - Summary 2020-04-22 16:00:31 +02:00
Th1b4ud
2e507a2b2f Linux privesc - SSH Key Predictable PRNG (Authorized_Keys) Process 2020-04-22 15:55:10 +02:00
Th1b4ud
2740600a6b
Alternative TTY method with /usr/bin/script 2020-04-21 19:21:51 +02:00
Swissky
89f906f7a8 Fix issue - C reverse shell 2020-04-21 11:17:39 +02:00
Swissky
af6760ef7a RoadRecon + JSON None refs 2020-04-17 16:34:51 +02:00
Th1b4ud
29194a8ef1
Add others shell on reverse shell cheatsheet
Add others shell on reverse shell cheatsheet
2020-04-13 19:06:01 +02:00
Swissky
6e7af5a267 Docker Registry - Pull/Download 2020-04-04 18:27:41 +02:00
M4x
1d299f55c9
Delete unnecessary escape characters
`whoami` has already been wrapped in backquotes. There is no need to user escape characters again
2020-03-29 23:40:39 +08:00
Swissky
be8f32b586 Docker escape and exploit 2020-03-29 16:48:09 +02:00
Swissky
95ab07b45e CloudTrail disable, GraphQL tool 2020-03-28 12:01:56 +01:00
guenicoe
a3cc577ebd
added cmd on the USOSVC vuln
Added `cmd \c C:\Users\nc.exe` as not typing `cmd \c` did not work for me. Might need even more explanation
2020-03-24 20:15:59 +00:00
PixeL
1b190939c4
Remove example from win priv esc
This example was used on hackthebox where it leaked the root flag of a machine on free servers.
This resulted in every user being able to get the root flag before they have even completed the box which isn't fair to others.

This example should either be changed or removed completely to combat copy-pasting without knowing what you're doing.
2020-03-23 17:17:42 -05:00
Fanis Katsimpas
2bdbb2dbc5
Update Windows - Privilege Escalation.md
Make powershell on EoP - Runas easier to copy paste
2020-03-22 19:25:35 +00:00
Swissky
1538ccd7f2 Gaining AWS Console Access via API Keys 2020-03-19 11:59:49 +01:00
Swissky
1f3a94ba88 AWS SSM + Shadow copy attack 2020-03-06 15:30:38 +01:00
Swissky
5d87804f71 AWS EC2 Instance Connect + Lambda + SSM 2020-03-06 13:33:14 +01:00
Swissky
c19e36ad34 Azure AD Connect - MSOL Account's password and DCSync 2020-03-01 17:06:31 +01:00
Swissky
71a307a86b AWS - EC2 copy image 2020-02-29 12:56:00 +01:00
Swissky
74f2dfccca Kerberos Constrained Delegation 2020-02-23 21:20:46 +01:00
Swissky
c5ac4e9eff AWS Patterns 2020-02-23 20:58:53 +01:00
Swissky
915946a343 Fix Cloud Training 2020-02-21 10:50:43 +01:00
Swissky
bda7100a77 Fix Cloud references 2020-02-21 10:47:16 +01:00
Swissky
984078050b Cloud - Pentest with AWS and Azure 2020-02-21 10:36:01 +01:00
Swissky
7f0650dfc0 IIS Raid Persistence 2020-02-20 16:51:22 +01:00
Swissky
ba30618a8b Cobalt Strike - Artifact 2020-02-14 17:10:00 +01:00
Swissky
7cd49769be WMI + Cobalt Strike 2020-02-13 22:53:45 +01:00
Sameer Bhatt (debugger)
994e557178
Added more TTY Shell using perl and python 2020-02-09 12:46:18 +05:30
Swissky
aba6874517 Maps API + secretsdump enabled user/pw last set + certutil mimikatz 2020-02-06 21:41:29 +01:00
socketz
056161fd9f
Updated Java & Groovy Shells
Added threaded shells and alternative pure Java reverse shell
2020-02-06 15:43:58 +01:00
antonioCoco
50a376337d
Update Reverse Shell Cheatsheet.md 2020-02-05 23:29:43 +01:00
Swissky
fb76fdc331 Windows Firewall + DLL hijacking + Named pipes 2020-02-01 22:12:36 +01:00
Swissky
be0397fa68 BloodHound ZIP + Zero Width space tip 2020-01-19 22:46:45 +01:00
Mehtab Zafar
8dc1e3c5fe
Update TTY shell command for python
Made the command to use python3 because mostly now the machines have python3 installed.
2020-01-10 17:57:53 +05:30
Ayoma Wijethunga
7f34c01794 Change IP and port to a common value across commands 2020-01-09 16:20:49 +05:30
Ayoma Wijethunga
96b9adb98b Change IP and port to a common value across commands 2020-01-09 16:17:35 +05:30
Swissky
742c7ee3c2 AppLocker rules 2020-01-06 23:03:54 +01:00
Swissky
71171fa78b SSRF exploiting WSGI 2020-01-05 22:11:28 +01:00
Swissky
3a9b9529cb Mimikatz - Credential Manager & DPAPI 2020-01-05 17:27:02 +01:00
Swissky
73abdeed71 Kerberos AD GPO 2020-01-05 16:28:00 +01:00
Swissky
b052f78d95 Blacklist3r and Machine Key 2020-01-02 23:33:04 +01:00
György Demarcsek
9c188139ec
Added PHP reverse shell
This reverse shell payload for PHP works even if `exec` is disabled and/or the new socket is not on fd 3
2020-01-02 19:27:35 +01:00
Swissky
0a6ac284c9 AdminSDHolder Abuse 2019-12-30 19:55:47 +01:00
Swissky
bcb24c9866 Abusing Active Directory ACLs/ACEs 2019-12-30 14:22:10 +01:00
Swissky
4b10c5e302 AD mitigations 2019-12-26 12:09:23 +01:00
Swissky
1535c5f1b3 Kubernetes - Privileged Service Account Token 2019-12-20 11:33:25 +01:00
Swissky
cf5a4b6e97 XSLT injection draft 2019-12-17 21:13:59 +01:00
Swissky
896e262531 Privilege impersonation and GraphQL SQLi 2019-12-11 16:59:14 +01:00
Swissky
6f4a28ef66 Slim RCE + CAP list 2019-12-05 23:06:53 +01:00
Swissky
c60f264664 RDP backdoor + RDP session takeover 2019-11-26 23:39:14 +01:00
Swissky
06864b0ff8 Password spraying rewrite + Summary fix 2019-11-25 23:35:20 +01:00
Swissky
3abaa3e23d Linux AD - Keyring, Keytab, CCACHE 2019-11-25 23:12:06 +01:00
Swissky
00684a10cd IIS asp shell with .asa, .cer, .xamlx 2019-11-16 14:53:42 +01:00
Swissky
639dc9faec .url file in writeable share 2019-11-14 23:54:57 +01:00
Swissky
3a384c34aa Password spray + AD summary re-org 2019-11-14 23:37:51 +01:00
Swissky
7f266bfda8 mitm ipv6 + macOS kerberoasting 2019-11-14 23:26:13 +01:00
M4x
221b353030
fix invalid link 2019-11-14 16:59:52 +08:00
Swissky
43f185d289 CVE-2019-1322 UsoSvc 2019-11-11 20:31:07 +01:00
Swissky
f6d5221a85 SID history break trust + Powershell history + SCF files 2019-11-07 23:21:00 +01:00
Swissky
24516ca7a1 Kubernetes attacks update + ref to securityboulevard 2019-11-05 11:05:59 +01:00
Swissky
60050219b7 Impersonating Office 365 Users on Azure AD Connect 2019-11-04 21:43:44 +01:00
Dave
775d10c256
Fix awk snippet
A small typo in the awk one-liner prevents successful execution of the command.

```
awk: cmd. line:1: warning: remote host and port information (10.0.0.1>, 4242) invalid: Name or service not known
awk: cmd. line:1: fatal: can't open two way pipe `/inet/tcp/0/10.0.0.1>/4242' for input/output (No such file or directory)
```

This commit fixes this :)
2019-11-03 16:07:16 +00:00
Dave
6b22d53257
Fix lua reverse shell quote issue
The single quotes around `io.popen` prevented the one-liner to be executed.
This change should fix that :)
2019-10-29 19:31:07 +00:00
Hi15358
34d8853728
Merge pull request #1 from Hi15358/patch-1
Patch 1
2019-10-29 16:30:58 +08:00
Swissky
727eb5cabd Drop the MIC 2019-10-21 23:00:27 +02:00
Swissky
11fc6e4bc5 NTLM relay + MS08-068 2019-10-20 22:09:36 +02:00
Hi15358
b54142c3a2
Update Reverse Shell Cheatsheet.md 2019-10-21 02:35:13 +08:00
Swissky
ed252df92e krb5.keytab + credential use summary 2019-10-20 13:25:06 +02:00
Swissky
7159a3ded3 RODC dcsync note + Dumping AD Domain summary 2019-10-18 00:07:09 +02:00
OOP
f0af3b4f4d
Update Active Directory Attack.md 2019-10-15 23:18:07 +07:00
Swissky
357658371f SSRF URL for Google Cloud 2019-10-06 20:59:58 +02:00
Mark
3fb2a9006f
Add Spyse to network discovery
1. spyse itself 
2. python wrapper - using only a part of the available functionality of spyse, but will be updated very soon.
2019-09-30 15:26:26 +04:00
Swissky
3221197b1e RCE vBulletin + findomain 2019-09-26 20:41:01 +02:00
Swissky
742e3204d3 SharpPersist - Windows Persistence 2019-09-13 17:38:23 +02:00
Swissky
5455c30ec7 Juicy Potato + XXE update 2019-09-08 19:44:51 +02:00
Swissky
2b1900e046 PrivEsc - sudoers + Upload PHP 2019-09-02 12:36:40 +02:00
Swissky
3ca07aeb7a Docker Privesc - Unix socket 2019-08-30 17:25:07 +02:00
Alexandre ZANNI
72c54b5c1b
add missing backtick 2019-08-29 09:49:09 +02:00
Swissky
bb305d0183 Network Discovery - Masscan update 2019-08-29 01:08:26 +02:00
Swissky
6c161f26b2 JWT None alternative + MS15-051 2019-08-22 23:03:48 +02:00
David B
3fd0791c2a
Update Linux - Privilege Escalation.md
Adding a tool that helps with privilege escalation on linux through SUDO.
2019-08-19 00:55:30 +02:00
Swissky
8dffb59ac5 Pspy + Silver Ticket + MSSQL connect 2019-08-18 22:24:48 +02:00
Swissky
4a176615fe CORS Misconfiguration 2019-08-18 12:08:51 +02:00
Swissky
b6697d8595 SSRF SVG + Windows Token getsystem 2019-08-15 18:21:06 +02:00
Swissky
bd449e9cea XSS PostMessage 2019-08-03 23:22:14 +02:00
Swissky
6baa446144 Directory Traversal CVE 2018 Spring 2019-07-27 13:02:16 +02:00
Swissky
98124178db EoP - Juicy Potato 2019-07-26 15:29:34 +02:00
Swissky
657823a353 PTH Mitigation + Linux Smart Enumeration 2019-07-26 14:24:58 +02:00
Swissky
f6c0f226af PXE boot attack 2019-07-25 14:08:32 +02:00
Swissky
859695e2be Update PrivExchange based on chryzsh blog post 2019-07-24 14:10:58 +02:00
Swissky
a14b3af934 Active Directory - Resource Based Constrained Delegation 2019-07-22 21:45:50 +02:00
Swissky
45af613fd9 Active Directory - Unconstrained delegation 2019-07-17 23:17:35 +02:00
Swissky
13ba72f124 GraphQL + RDP Bruteforce + PostgreSQL RCE 2019-07-01 23:29:29 +02:00
Swissky
46780de750 PostgreSQL rewrite + LFI SSH 2019-06-29 19:23:34 +02:00
Swissky
144b3827ab MS14-068 + /etc/security/opasswd 2019-06-29 17:55:13 +02:00
Swissky
9be62677b6 Add root user + PHP null byte version 2019-06-24 00:21:39 +02:00
Swissky
9745e67465 HQL Injection + references update 2019-06-16 23:45:52 +02:00
Dan Borges
24a05c7098
Update Windows - Privilege Escalation.md 2019-06-11 11:51:09 -07:00
Swissky
8cec2e0ca3 Linux PrivEsc - Writable files 2019-06-10 11:09:02 +02:00
Swissky
94a60b43d6 Writable /etc/sudoers + Meterpreter autoroute 2019-06-10 11:00:54 +02:00
Swissky
a85fa5af28 Local File Include : rce via mail + kadimus 2019-06-10 00:05:47 +02:00
Swissky
5d4f65720a PrivEsc - Common Exploits 2019-06-09 20:53:41 +02:00
Swissky
e8cd11f88f plink + sshuttle : Network Pivoting Techniques 2019-06-09 18:13:15 +02:00
Swissky
adcea1a913 Linux PrivEsc + SSH persistency 2019-06-09 16:05:44 +02:00
Swissky
f5a8a6b62f Meterpreter shell 2019-06-09 14:26:14 +02:00
Swissky
93f6c03b54 GraphQL + LXD/etc/passwd PrivEsc + Win firewall 2019-06-09 13:46:40 +02:00
Swissky
f88da43e1c SQL informationschema.processlist + UPNP warning + getcap -ep 2019-05-25 18:19:08 +02:00
Swissky
9c2e63818f XSS without parenthesis, semi-colon + Lontara 2019-05-15 21:55:17 +02:00
Swissky
b81df17589 RFI - Windows SMB allow_url_include = "Off" 2019-05-12 22:23:55 +02:00
Swissky
bab04f8587 Masscan + AD password in description + ZSH revshell bugfix + Mimikatz lsass.dmp 2019-05-12 21:34:09 +02:00
Swissky
765c615efe XSS injection Summary + MSF web delivery 2019-05-12 14:22:48 +02:00
Swissky
9dfd7835ea mitm6 + ntlmrelayx 2019-04-21 14:08:18 +02:00
Swissky
13864bde04 GoGitDumper + MySQL summary rewrite 2019-04-15 00:49:56 +02:00
Swissky
b4633bbb66 sudo_inject + SSTI FreeMarker + Lin PrivEsc passwords 2019-04-14 21:01:14 +02:00
Swissky
c66197903f MYSQL Truncation attack + Windows search where 2019-04-14 19:46:34 +02:00
Swissky
546ecd0e36 Linux Privesc - /etc/passwd writable 2019-04-07 23:40:36 +02:00
Alex Zeecka
4b79b865c9
--dc-ip to -dc-ip for psexec cmd 2019-04-03 10:45:45 +02:00
Swissky
187762fac5
Fix typo in reverse shell 2019-04-02 22:45:08 +02:00
Swissky
3af87ddf98 Reverse shell summary + golang 2019-04-02 22:43:44 +02:00
kisec
1eb57ad919 Reverse shell Golang 2019-04-01 12:01:45 +09:00
Swissky
289fa8c22b PrivEsc - Linux Task 2019-03-31 15:05:13 +02:00
Swissky
90b182f10f AD references - Blog Post + SSTI basic config item 2019-03-24 16:26:00 +01:00
Swissky
a509909561 PostgreSQL RCE CVE-2019–9193 + ADAPE + WinPrivEsc Resources 2019-03-24 16:00:27 +01:00
Swissky
5d1b8bca79 SAML exploitation + ASREP roasting + Kerbrute 2019-03-24 13:16:23 +01:00
Swissky
e9489f0768 Linux Priv Esc - minor update 2019-03-18 23:19:36 +01:00
Swissky
e5090f2797 Bazaar - version control system 2019-03-15 23:27:14 +01:00
Swissky
ec61e99334 Linux - PrivEsc typo 2019-03-08 20:09:01 +01:00
Swissky
b22fd26800 Linux PrivEsc - LXD Group 2019-03-07 15:27:54 +01:00
Swissky
68df152fd3 Linux PrivEsc - Wildcard/NFS/Sudo 2019-03-07 15:09:06 +01:00
Swissky
404afd1d71 Fix name's capitalization 2019-03-07 00:07:55 +01:00
Swissky
21d1fe7eee Fix name - Part 1 2019-03-07 00:07:14 +01:00
Swissky
450de2c90f Typo fix 2019-03-04 19:40:34 +01:00
Swissky
e36b15a6d7 Windows PrivEsc - Table of content update 2019-03-03 20:05:27 +01:00
Swissky
ecadcf3d0f Windows PrivEsc - Full rewrite 2019-03-03 20:01:25 +01:00
Swissky
2d5b4f2193 Meterpreter generate + LaTeK XSS + Ruby Yaml 2019-03-03 16:31:17 +01:00
Swissky
6d2cd684fa Web cache deception resources update 2019-03-01 17:49:19 +01:00
Swissky
70225232c9 Polyglot Command Injection + XSS HTML file 2019-02-28 00:36:53 +01:00
Swissky
a58a8113d1 Linux capabilities - setuid + read / Docker group privesc 2019-02-26 17:24:10 +01:00
Swissky
78c882fb34 Jenkins Grrovy + MSSQL UNC + PostgreSQL list files 2019-02-17 20:02:16 +01:00
Swissky
f2273f5cce PrivExchange attack 2019-02-10 19:51:54 +01:00
Swissky
8c1c35789d SQLmap tamper update 2019-02-10 19:07:27 +01:00
Swissky
1c37517bf3 .git/index file parsing + fix CSRF payload typo 2019-02-07 23:33:47 +01:00
Swissky
b9f2fe367c Bugfix - Errors in stashed changes 2019-01-28 20:27:45 +01:00
ThunderSon
99857a714f
fead: add powerless repo to the tools 2019-01-27 20:13:06 +02:00
Swissky
e07a654080 Command injection renamed + sudo/doas privesc 2019-01-22 21:45:41 +01:00
Swissky
4db45a263a MSSQL union based + Windows Runas 2019-01-20 16:41:46 +01:00
Swissky
3bcd3d1b3c SUID & Capabilities 2019-01-13 22:05:39 +01:00
Swissky
2e3aef1a19 Shell IPv6 + Sandbox credential 2019-01-07 18:15:45 +01:00
Swissky
e480c9358d SQL wildcard '_' + CSV injection reverse shell 2018-12-26 01:02:17 +01:00
Swissky
bd97c0be86 README update + Typo fix in Active Directory 2018-12-25 20:41:43 +01:00
Swissky
d57d59eca7 NTLMv2 hash capturing, cracking, replaying 2018-12-25 20:35:39 +01:00
Swissky
d5478d1fd6 AWS Pacu and sections + Kerberoasting details 2018-12-25 19:38:37 +01:00
Swissky
b9efdb52d3 Linux - PrivEsc - First draft 2018-12-25 15:51:11 +01:00
Swissky
38c3bfbd9f Windows Priv Esc - Unquoted Path, Password looting and Powershell version 2018-12-25 15:19:45 +01:00
Swissky
a6475a19d9 Adding references sectio 2018-12-24 15:02:50 +01:00
Swissky
b4aff1a826 Architecture - Files/Intruder/Images and README + template 2018-12-23 00:45:45 +01:00
Swissky
69c1d601fa Kerberoasting + SQLmap write SSH key 2018-12-15 00:51:33 +01:00
Swissky
928a454531 Blind XSS endpoint + SSRF Google + Nmap subdomains 2018-11-25 15:44:17 +01:00
Swissky
1225a9a23d Metasploit Cheatsheet 2018-11-24 15:32:44 +01:00
Swissky
565b40d177 reGeorg + Meterpreter socks + S3 trick name 2018-11-24 13:49:08 +01:00
Swissky
1b2ee3e67a Subdomain enumeration - New Aquatone (Go) 2018-11-05 13:45:52 +01:00
Swissky
6bcb43e39c LDAP fix typo + LDAP attributes + LFI filter chaining 2018-11-02 13:50:56 +01:00
Swissky
f1eefd2722 Script Docker RCE 2018-10-18 17:32:01 +02:00
Swissky
35d4139373 WebCache param miner file + Reverse shell Python TTY 2018-10-08 13:49:50 +02:00
Swissky
f0a8b6f8b8 Koadic cheatsheet renamed to "Windows - Post Exploitation" 2018-10-04 17:39:55 +02:00
Swissky
9ebf2057c5 Koadic Cheatsheet + Linux persistence in startup .desktop file 2018-10-04 17:35:57 +02:00
Swissky
747f1d172c Reverse shell python for Windows + Lua + Awk 2018-10-02 17:17:03 +02:00
Swissky
824d8c370b Bugfix README + Can I take over xyz 2018-10-02 16:57:01 +02:00
Swissky
1c5f8889bd Network Discovery and Subdomains enumerations 2018-10-02 16:17:16 +02:00
Swissky
7b49f1b13a PHP Serialization - phpggc 2018-10-01 12:30:14 +02:00
Swissky
cce0444245 SQL injection - Intruders payloads 2018-09-21 18:44:32 +02:00
Swissky
7a80647e63 Raw MD5 SQL injection + SSH Konami Code 2018-09-10 23:12:29 +02:00
Swissky
beb0ce8c54 Linux Persistence + WebLogic RCE 2018-09-03 18:41:05 +02:00
Swissky
f612a91bb5 LFI via Upload (race condition) + Network Pivot nmap 2018-08-26 15:43:26 +02:00
Swissky
b87e14a0ed Markdown formatting - Part 2 2018-08-13 12:01:13 +02:00
Swissky
65654f81a4 Markdown formatting update 2018-08-12 23:30:22 +02:00
Swissky
177c12cb79 Multiple update in READMEs + RCE tricks 2018-08-12 00:17:58 +02:00
Swissky
644724396f LaTeX display code + XSS location alternative 2018-08-01 21:19:18 +02:00
Swissky
93f4bbb19e AD BloodHound + AD Relationship + SSRF Digital Ocean 2018-07-15 11:06:43 +02:00
Swissky
cdc3adee51 PassTheTicket + OpenShare + Tools(CME example) 2018-07-08 20:03:40 +02:00
Swissky
76aefd9da2 Path traversal refactor + AD cme module msf/empire + IIS web.config 2018-07-07 12:04:55 +02:00
Swissky
a7439d812d Windows port forwarding - Netsh 2018-06-09 18:56:19 +02:00
Swissky
4ad7c70e89 SSRF to XSS + Retail account Windows 2018-06-06 00:05:28 +02:00
Swissky
8eb6cb80f9 GPP decrypt + SSRF url for cloud providers 2018-05-27 22:27:31 +02:00
Swissky
e261836532 Windows PrivEsc + SQLi second order + AD DiskShadow 2018-05-20 22:10:33 +02:00
Swissky
f1cb7ce50e SQL Cheatsheets - Refactoring part 1 2018-05-16 23:33:14 +02:00
Swissky
81eebeaea2 AD - Ropnop Tricks 2018-05-08 22:11:36 +02:00
Swissky
6a39f25661 AD - refactor part 4 (link and src) 2018-05-06 19:07:34 +02:00
Swissky
c5bbe88372 AD - refactor part3 2018-05-05 23:11:17 +02:00
Swissky
1feccf84cb AD refactor - Part 2 : summary 2018-05-05 17:41:04 +02:00
Swissky
6869c399d5 AD refactoring part1 2018-05-05 17:32:19 +02:00
Swissky
2dcffadd46 AD - Little fixes and refactor 2018-04-28 19:54:32 +02:00
Swissky
cb3b298451 Oracle SQL + SQL injection updates (MS SQL/MYSQL/ GENERAL) 2018-04-27 23:31:58 +02:00
Swissky
8209d32baf Abstract for methodology 2018-04-23 21:22:11 +02:00
Swissky
54661cbd70 Bugfix - Tables Token/Brand 2018-04-23 20:55:26 +02:00
Swissky
aace268267 Payment functionality - International Tests 2018-04-23 20:45:54 +02:00
Swissky
02484cee00 BUGFIX: API Payment 2018-04-23 18:46:09 +02:00
Swissky
9c5eade544 Update methodology - Bugfix 2018-04-23 18:44:49 +02:00
Swissky
f832022920 Drupalgeddon2 update + Payment API in Methodology 2018-04-23 18:41:59 +02:00
Swissky
f62d466340 Fix Golden Ticket 2018-04-15 16:02:27 +02:00
Swissky
b8fbca3347 AD Attack - Golden Ticket + SQL/OpenRed/SSRF 2018-04-12 23:23:41 +02:00
Swissky
e6b5dfa3de Fix README broken links 2018-03-25 23:51:22 +02:00
Swissky
d1f6e8397d Refactoring XSS 0/? 2018-03-23 13:53:53 +01:00
Swissky
30019235f8 SQLmap tips + Active Directory attacks + SQLite injections 2018-03-12 09:17:31 +01:00
Swissky
b87c3fd7ff Traversal Dir + NoSQL major updates + small addons 2018-02-15 23:27:42 +01:00
Swissky
3793d91fd4 Mimikatz + Credential Windows + XXE update 2017-12-06 20:40:29 +01:00
Swissky
2c048f7b52 SSRF Ip script + DDL & Execute Windows 2017-11-24 09:57:48 +01:00
Swissky
dad26ce5e5 More Burp Intruder file - SQLi + Path traversal + XSS 2017-08-06 01:12:41 +02:00