Th1b4ud
29194a8ef1
Add others shell on reverse shell cheatsheet
...
Add others shell on reverse shell cheatsheet
2020-04-13 19:06:01 +02:00
Swissky
6e7af5a267
Docker Registry - Pull/Download
2020-04-04 18:27:41 +02:00
M4x
1d299f55c9
Delete unnecessary escape characters
...
`whoami` has already been wrapped in backquotes. There is no need to user escape characters again
2020-03-29 23:40:39 +08:00
Swissky
be8f32b586
Docker escape and exploit
2020-03-29 16:48:09 +02:00
Swissky
95ab07b45e
CloudTrail disable, GraphQL tool
2020-03-28 12:01:56 +01:00
guenicoe
a3cc577ebd
added cmd on the USOSVC vuln
...
Added `cmd \c C:\Users\nc.exe` as not typing `cmd \c` did not work for me. Might need even more explanation
2020-03-24 20:15:59 +00:00
PixeL
1b190939c4
Remove example from win priv esc
...
This example was used on hackthebox where it leaked the root flag of a machine on free servers.
This resulted in every user being able to get the root flag before they have even completed the box which isn't fair to others.
This example should either be changed or removed completely to combat copy-pasting without knowing what you're doing.
2020-03-23 17:17:42 -05:00
Fanis Katsimpas
2bdbb2dbc5
Update Windows - Privilege Escalation.md
...
Make powershell on EoP - Runas easier to copy paste
2020-03-22 19:25:35 +00:00
Swissky
1538ccd7f2
Gaining AWS Console Access via API Keys
2020-03-19 11:59:49 +01:00
Swissky
1f3a94ba88
AWS SSM + Shadow copy attack
2020-03-06 15:30:38 +01:00
Swissky
5d87804f71
AWS EC2 Instance Connect + Lambda + SSM
2020-03-06 13:33:14 +01:00
Swissky
c19e36ad34
Azure AD Connect - MSOL Account's password and DCSync
2020-03-01 17:06:31 +01:00
Swissky
71a307a86b
AWS - EC2 copy image
2020-02-29 12:56:00 +01:00
Swissky
74f2dfccca
Kerberos Constrained Delegation
2020-02-23 21:20:46 +01:00
Swissky
c5ac4e9eff
AWS Patterns
2020-02-23 20:58:53 +01:00
Swissky
915946a343
Fix Cloud Training
2020-02-21 10:50:43 +01:00
Swissky
bda7100a77
Fix Cloud references
2020-02-21 10:47:16 +01:00
Swissky
984078050b
Cloud - Pentest with AWS and Azure
2020-02-21 10:36:01 +01:00
Swissky
7f0650dfc0
IIS Raid Persistence
2020-02-20 16:51:22 +01:00
Swissky
ba30618a8b
Cobalt Strike - Artifact
2020-02-14 17:10:00 +01:00
Swissky
7cd49769be
WMI + Cobalt Strike
2020-02-13 22:53:45 +01:00
Sameer Bhatt (debugger)
994e557178
Added more TTY Shell using perl and python
2020-02-09 12:46:18 +05:30
Swissky
aba6874517
Maps API + secretsdump enabled user/pw last set + certutil mimikatz
2020-02-06 21:41:29 +01:00
socketz
056161fd9f
Updated Java & Groovy Shells
...
Added threaded shells and alternative pure Java reverse shell
2020-02-06 15:43:58 +01:00
antonioCoco
50a376337d
Update Reverse Shell Cheatsheet.md
2020-02-05 23:29:43 +01:00
Swissky
fb76fdc331
Windows Firewall + DLL hijacking + Named pipes
2020-02-01 22:12:36 +01:00
Swissky
be0397fa68
BloodHound ZIP + Zero Width space tip
2020-01-19 22:46:45 +01:00
Mehtab Zafar
8dc1e3c5fe
Update TTY shell command for python
...
Made the command to use python3 because mostly now the machines have python3 installed.
2020-01-10 17:57:53 +05:30
Ayoma Wijethunga
7f34c01794
Change IP and port to a common value across commands
2020-01-09 16:20:49 +05:30
Ayoma Wijethunga
96b9adb98b
Change IP and port to a common value across commands
2020-01-09 16:17:35 +05:30
Swissky
742c7ee3c2
AppLocker rules
2020-01-06 23:03:54 +01:00
Swissky
71171fa78b
SSRF exploiting WSGI
2020-01-05 22:11:28 +01:00
Swissky
3a9b9529cb
Mimikatz - Credential Manager & DPAPI
2020-01-05 17:27:02 +01:00
Swissky
73abdeed71
Kerberos AD GPO
2020-01-05 16:28:00 +01:00
Swissky
b052f78d95
Blacklist3r and Machine Key
2020-01-02 23:33:04 +01:00
György Demarcsek
9c188139ec
Added PHP reverse shell
...
This reverse shell payload for PHP works even if `exec` is disabled and/or the new socket is not on fd 3
2020-01-02 19:27:35 +01:00
Swissky
0a6ac284c9
AdminSDHolder Abuse
2019-12-30 19:55:47 +01:00
Swissky
bcb24c9866
Abusing Active Directory ACLs/ACEs
2019-12-30 14:22:10 +01:00
Swissky
4b10c5e302
AD mitigations
2019-12-26 12:09:23 +01:00
Swissky
1535c5f1b3
Kubernetes - Privileged Service Account Token
2019-12-20 11:33:25 +01:00
Swissky
cf5a4b6e97
XSLT injection draft
2019-12-17 21:13:59 +01:00
Swissky
896e262531
Privilege impersonation and GraphQL SQLi
2019-12-11 16:59:14 +01:00
Swissky
6f4a28ef66
Slim RCE + CAP list
2019-12-05 23:06:53 +01:00
Swissky
c60f264664
RDP backdoor + RDP session takeover
2019-11-26 23:39:14 +01:00
Swissky
06864b0ff8
Password spraying rewrite + Summary fix
2019-11-25 23:35:20 +01:00
Swissky
3abaa3e23d
Linux AD - Keyring, Keytab, CCACHE
2019-11-25 23:12:06 +01:00
Swissky
00684a10cd
IIS asp shell with .asa, .cer, .xamlx
2019-11-16 14:53:42 +01:00
Swissky
639dc9faec
.url file in writeable share
2019-11-14 23:54:57 +01:00
Swissky
3a384c34aa
Password spray + AD summary re-org
2019-11-14 23:37:51 +01:00
Swissky
7f266bfda8
mitm ipv6 + macOS kerberoasting
2019-11-14 23:26:13 +01:00
M4x
221b353030
fix invalid link
2019-11-14 16:59:52 +08:00
Swissky
43f185d289
CVE-2019-1322 UsoSvc
2019-11-11 20:31:07 +01:00
Swissky
f6d5221a85
SID history break trust + Powershell history + SCF files
2019-11-07 23:21:00 +01:00
Swissky
24516ca7a1
Kubernetes attacks update + ref to securityboulevard
2019-11-05 11:05:59 +01:00
Swissky
60050219b7
Impersonating Office 365 Users on Azure AD Connect
2019-11-04 21:43:44 +01:00
Dave
775d10c256
Fix awk snippet
...
A small typo in the awk one-liner prevents successful execution of the command.
```
awk: cmd. line:1: warning: remote host and port information (10.0.0.1>, 4242) invalid: Name or service not known
awk: cmd. line:1: fatal: can't open two way pipe `/inet/tcp/0/10.0.0.1>/4242' for input/output (No such file or directory)
```
This commit fixes this :)
2019-11-03 16:07:16 +00:00
Dave
6b22d53257
Fix lua reverse shell quote issue
...
The single quotes around `io.popen` prevented the one-liner to be executed.
This change should fix that :)
2019-10-29 19:31:07 +00:00
Hi15358
34d8853728
Merge pull request #1 from Hi15358/patch-1
...
Patch 1
2019-10-29 16:30:58 +08:00
Swissky
727eb5cabd
Drop the MIC
2019-10-21 23:00:27 +02:00
Swissky
11fc6e4bc5
NTLM relay + MS08-068
2019-10-20 22:09:36 +02:00
Hi15358
b54142c3a2
Update Reverse Shell Cheatsheet.md
2019-10-21 02:35:13 +08:00
Swissky
ed252df92e
krb5.keytab + credential use summary
2019-10-20 13:25:06 +02:00
Swissky
7159a3ded3
RODC dcsync note + Dumping AD Domain summary
2019-10-18 00:07:09 +02:00
OOP
f0af3b4f4d
Update Active Directory Attack.md
2019-10-15 23:18:07 +07:00
Swissky
357658371f
SSRF URL for Google Cloud
2019-10-06 20:59:58 +02:00
Mark
3fb2a9006f
Add Spyse to network discovery
...
1. spyse itself
2. python wrapper - using only a part of the available functionality of spyse, but will be updated very soon.
2019-09-30 15:26:26 +04:00
Swissky
3221197b1e
RCE vBulletin + findomain
2019-09-26 20:41:01 +02:00
Swissky
742e3204d3
SharpPersist - Windows Persistence
2019-09-13 17:38:23 +02:00
Swissky
5455c30ec7
Juicy Potato + XXE update
2019-09-08 19:44:51 +02:00
Swissky
2b1900e046
PrivEsc - sudoers + Upload PHP
2019-09-02 12:36:40 +02:00
Swissky
3ca07aeb7a
Docker Privesc - Unix socket
2019-08-30 17:25:07 +02:00
Alexandre ZANNI
72c54b5c1b
add missing backtick
2019-08-29 09:49:09 +02:00
Swissky
bb305d0183
Network Discovery - Masscan update
2019-08-29 01:08:26 +02:00
Swissky
6c161f26b2
JWT None alternative + MS15-051
2019-08-22 23:03:48 +02:00
David B
3fd0791c2a
Update Linux - Privilege Escalation.md
...
Adding a tool that helps with privilege escalation on linux through SUDO.
2019-08-19 00:55:30 +02:00
Swissky
8dffb59ac5
Pspy + Silver Ticket + MSSQL connect
2019-08-18 22:24:48 +02:00
Swissky
4a176615fe
CORS Misconfiguration
2019-08-18 12:08:51 +02:00
Swissky
b6697d8595
SSRF SVG + Windows Token getsystem
2019-08-15 18:21:06 +02:00
Swissky
bd449e9cea
XSS PostMessage
2019-08-03 23:22:14 +02:00
Swissky
6baa446144
Directory Traversal CVE 2018 Spring
2019-07-27 13:02:16 +02:00
Swissky
98124178db
EoP - Juicy Potato
2019-07-26 15:29:34 +02:00
Swissky
657823a353
PTH Mitigation + Linux Smart Enumeration
2019-07-26 14:24:58 +02:00
Swissky
f6c0f226af
PXE boot attack
2019-07-25 14:08:32 +02:00
Swissky
859695e2be
Update PrivExchange based on chryzsh blog post
2019-07-24 14:10:58 +02:00
Swissky
a14b3af934
Active Directory - Resource Based Constrained Delegation
2019-07-22 21:45:50 +02:00
Swissky
45af613fd9
Active Directory - Unconstrained delegation
2019-07-17 23:17:35 +02:00
Swissky
13ba72f124
GraphQL + RDP Bruteforce + PostgreSQL RCE
2019-07-01 23:29:29 +02:00
Swissky
46780de750
PostgreSQL rewrite + LFI SSH
2019-06-29 19:23:34 +02:00
Swissky
144b3827ab
MS14-068 + /etc/security/opasswd
2019-06-29 17:55:13 +02:00
Swissky
9be62677b6
Add root user + PHP null byte version
2019-06-24 00:21:39 +02:00
Swissky
9745e67465
HQL Injection + references update
2019-06-16 23:45:52 +02:00
Dan Borges
24a05c7098
Update Windows - Privilege Escalation.md
2019-06-11 11:51:09 -07:00
Swissky
8cec2e0ca3
Linux PrivEsc - Writable files
2019-06-10 11:09:02 +02:00
Swissky
94a60b43d6
Writable /etc/sudoers + Meterpreter autoroute
2019-06-10 11:00:54 +02:00
Swissky
a85fa5af28
Local File Include : rce via mail + kadimus
2019-06-10 00:05:47 +02:00
Swissky
5d4f65720a
PrivEsc - Common Exploits
2019-06-09 20:53:41 +02:00
Swissky
e8cd11f88f
plink + sshuttle : Network Pivoting Techniques
2019-06-09 18:13:15 +02:00
Swissky
adcea1a913
Linux PrivEsc + SSH persistency
2019-06-09 16:05:44 +02:00
Swissky
f5a8a6b62f
Meterpreter shell
2019-06-09 14:26:14 +02:00
Swissky
93f6c03b54
GraphQL + LXD/etc/passwd PrivEsc + Win firewall
2019-06-09 13:46:40 +02:00
Swissky
f88da43e1c
SQL informationschema.processlist + UPNP warning + getcap -ep
2019-05-25 18:19:08 +02:00
Swissky
9c2e63818f
XSS without parenthesis, semi-colon + Lontara
2019-05-15 21:55:17 +02:00
Swissky
b81df17589
RFI - Windows SMB allow_url_include = "Off"
2019-05-12 22:23:55 +02:00
Swissky
bab04f8587
Masscan + AD password in description + ZSH revshell bugfix + Mimikatz lsass.dmp
2019-05-12 21:34:09 +02:00
Swissky
765c615efe
XSS injection Summary + MSF web delivery
2019-05-12 14:22:48 +02:00
Swissky
9dfd7835ea
mitm6 + ntlmrelayx
2019-04-21 14:08:18 +02:00
Swissky
13864bde04
GoGitDumper + MySQL summary rewrite
2019-04-15 00:49:56 +02:00
Swissky
b4633bbb66
sudo_inject + SSTI FreeMarker + Lin PrivEsc passwords
2019-04-14 21:01:14 +02:00
Swissky
c66197903f
MYSQL Truncation attack + Windows search where
2019-04-14 19:46:34 +02:00
Swissky
546ecd0e36
Linux Privesc - /etc/passwd writable
2019-04-07 23:40:36 +02:00
Alex Zeecka
4b79b865c9
--dc-ip to -dc-ip for psexec cmd
2019-04-03 10:45:45 +02:00
Swissky
187762fac5
Fix typo in reverse shell
2019-04-02 22:45:08 +02:00
Swissky
3af87ddf98
Reverse shell summary + golang
2019-04-02 22:43:44 +02:00
kisec
1eb57ad919
Reverse shell Golang
2019-04-01 12:01:45 +09:00
Swissky
289fa8c22b
PrivEsc - Linux Task
2019-03-31 15:05:13 +02:00
Swissky
90b182f10f
AD references - Blog Post + SSTI basic config item
2019-03-24 16:26:00 +01:00
Swissky
a509909561
PostgreSQL RCE CVE-2019–9193 + ADAPE + WinPrivEsc Resources
2019-03-24 16:00:27 +01:00
Swissky
5d1b8bca79
SAML exploitation + ASREP roasting + Kerbrute
2019-03-24 13:16:23 +01:00
Swissky
e9489f0768
Linux Priv Esc - minor update
2019-03-18 23:19:36 +01:00
Swissky
e5090f2797
Bazaar - version control system
2019-03-15 23:27:14 +01:00
Swissky
ec61e99334
Linux - PrivEsc typo
2019-03-08 20:09:01 +01:00
Swissky
b22fd26800
Linux PrivEsc - LXD Group
2019-03-07 15:27:54 +01:00
Swissky
68df152fd3
Linux PrivEsc - Wildcard/NFS/Sudo
2019-03-07 15:09:06 +01:00
Swissky
404afd1d71
Fix name's capitalization
2019-03-07 00:07:55 +01:00
Swissky
21d1fe7eee
Fix name - Part 1
2019-03-07 00:07:14 +01:00
Swissky
450de2c90f
Typo fix
2019-03-04 19:40:34 +01:00
Swissky
e36b15a6d7
Windows PrivEsc - Table of content update
2019-03-03 20:05:27 +01:00
Swissky
ecadcf3d0f
Windows PrivEsc - Full rewrite
2019-03-03 20:01:25 +01:00
Swissky
2d5b4f2193
Meterpreter generate + LaTeK XSS + Ruby Yaml
2019-03-03 16:31:17 +01:00
Swissky
6d2cd684fa
Web cache deception resources update
2019-03-01 17:49:19 +01:00
Swissky
70225232c9
Polyglot Command Injection + XSS HTML file
2019-02-28 00:36:53 +01:00
Swissky
a58a8113d1
Linux capabilities - setuid + read / Docker group privesc
2019-02-26 17:24:10 +01:00
Swissky
78c882fb34
Jenkins Grrovy + MSSQL UNC + PostgreSQL list files
2019-02-17 20:02:16 +01:00
Swissky
f2273f5cce
PrivExchange attack
2019-02-10 19:51:54 +01:00
Swissky
8c1c35789d
SQLmap tamper update
2019-02-10 19:07:27 +01:00
Swissky
1c37517bf3
.git/index file parsing + fix CSRF payload typo
2019-02-07 23:33:47 +01:00
Swissky
b9f2fe367c
Bugfix - Errors in stashed changes
2019-01-28 20:27:45 +01:00
ThunderSon
99857a714f
fead: add powerless repo to the tools
2019-01-27 20:13:06 +02:00
Swissky
e07a654080
Command injection renamed + sudo/doas privesc
2019-01-22 21:45:41 +01:00
Swissky
4db45a263a
MSSQL union based + Windows Runas
2019-01-20 16:41:46 +01:00
Swissky
3bcd3d1b3c
SUID & Capabilities
2019-01-13 22:05:39 +01:00
Swissky
2e3aef1a19
Shell IPv6 + Sandbox credential
2019-01-07 18:15:45 +01:00
Swissky
e480c9358d
SQL wildcard '_' + CSV injection reverse shell
2018-12-26 01:02:17 +01:00
Swissky
bd97c0be86
README update + Typo fix in Active Directory
2018-12-25 20:41:43 +01:00
Swissky
d57d59eca7
NTLMv2 hash capturing, cracking, replaying
2018-12-25 20:35:39 +01:00
Swissky
d5478d1fd6
AWS Pacu and sections + Kerberoasting details
2018-12-25 19:38:37 +01:00
Swissky
b9efdb52d3
Linux - PrivEsc - First draft
2018-12-25 15:51:11 +01:00
Swissky
38c3bfbd9f
Windows Priv Esc - Unquoted Path, Password looting and Powershell version
2018-12-25 15:19:45 +01:00
Swissky
a6475a19d9
Adding references sectio
2018-12-24 15:02:50 +01:00
Swissky
b4aff1a826
Architecture - Files/Intruder/Images and README + template
2018-12-23 00:45:45 +01:00
Swissky
69c1d601fa
Kerberoasting + SQLmap write SSH key
2018-12-15 00:51:33 +01:00
Swissky
928a454531
Blind XSS endpoint + SSRF Google + Nmap subdomains
2018-11-25 15:44:17 +01:00
Swissky
1225a9a23d
Metasploit Cheatsheet
2018-11-24 15:32:44 +01:00
Swissky
565b40d177
reGeorg + Meterpreter socks + S3 trick name
2018-11-24 13:49:08 +01:00
Swissky
1b2ee3e67a
Subdomain enumeration - New Aquatone (Go)
2018-11-05 13:45:52 +01:00
Swissky
6bcb43e39c
LDAP fix typo + LDAP attributes + LFI filter chaining
2018-11-02 13:50:56 +01:00
Swissky
f1eefd2722
Script Docker RCE
2018-10-18 17:32:01 +02:00
Swissky
35d4139373
WebCache param miner file + Reverse shell Python TTY
2018-10-08 13:49:50 +02:00
Swissky
f0a8b6f8b8
Koadic cheatsheet renamed to "Windows - Post Exploitation"
2018-10-04 17:39:55 +02:00
Swissky
9ebf2057c5
Koadic Cheatsheet + Linux persistence in startup .desktop file
2018-10-04 17:35:57 +02:00
Swissky
747f1d172c
Reverse shell python for Windows + Lua + Awk
2018-10-02 17:17:03 +02:00
Swissky
824d8c370b
Bugfix README + Can I take over xyz
2018-10-02 16:57:01 +02:00
Swissky
1c5f8889bd
Network Discovery and Subdomains enumerations
2018-10-02 16:17:16 +02:00
Swissky
7b49f1b13a
PHP Serialization - phpggc
2018-10-01 12:30:14 +02:00
Swissky
cce0444245
SQL injection - Intruders payloads
2018-09-21 18:44:32 +02:00
Swissky
7a80647e63
Raw MD5 SQL injection + SSH Konami Code
2018-09-10 23:12:29 +02:00
Swissky
beb0ce8c54
Linux Persistence + WebLogic RCE
2018-09-03 18:41:05 +02:00
Swissky
f612a91bb5
LFI via Upload (race condition) + Network Pivot nmap
2018-08-26 15:43:26 +02:00
Swissky
b87e14a0ed
Markdown formatting - Part 2
2018-08-13 12:01:13 +02:00
Swissky
65654f81a4
Markdown formatting update
2018-08-12 23:30:22 +02:00
Swissky
177c12cb79
Multiple update in READMEs + RCE tricks
2018-08-12 00:17:58 +02:00
Swissky
644724396f
LaTeX display code + XSS location alternative
2018-08-01 21:19:18 +02:00
Swissky
93f4bbb19e
AD BloodHound + AD Relationship + SSRF Digital Ocean
2018-07-15 11:06:43 +02:00
Swissky
cdc3adee51
PassTheTicket + OpenShare + Tools(CME example)
2018-07-08 20:03:40 +02:00
Swissky
76aefd9da2
Path traversal refactor + AD cme module msf/empire + IIS web.config
2018-07-07 12:04:55 +02:00
Swissky
a7439d812d
Windows port forwarding - Netsh
2018-06-09 18:56:19 +02:00
Swissky
4ad7c70e89
SSRF to XSS + Retail account Windows
2018-06-06 00:05:28 +02:00
Swissky
8eb6cb80f9
GPP decrypt + SSRF url for cloud providers
2018-05-27 22:27:31 +02:00
Swissky
e261836532
Windows PrivEsc + SQLi second order + AD DiskShadow
2018-05-20 22:10:33 +02:00
Swissky
f1cb7ce50e
SQL Cheatsheets - Refactoring part 1
2018-05-16 23:33:14 +02:00
Swissky
81eebeaea2
AD - Ropnop Tricks
2018-05-08 22:11:36 +02:00
Swissky
6a39f25661
AD - refactor part 4 (link and src)
2018-05-06 19:07:34 +02:00
Swissky
c5bbe88372
AD - refactor part3
2018-05-05 23:11:17 +02:00
Swissky
1feccf84cb
AD refactor - Part 2 : summary
2018-05-05 17:41:04 +02:00
Swissky
6869c399d5
AD refactoring part1
2018-05-05 17:32:19 +02:00
Swissky
2dcffadd46
AD - Little fixes and refactor
2018-04-28 19:54:32 +02:00
Swissky
cb3b298451
Oracle SQL + SQL injection updates (MS SQL/MYSQL/ GENERAL)
2018-04-27 23:31:58 +02:00
Swissky
8209d32baf
Abstract for methodology
2018-04-23 21:22:11 +02:00
Swissky
54661cbd70
Bugfix - Tables Token/Brand
2018-04-23 20:55:26 +02:00
Swissky
aace268267
Payment functionality - International Tests
2018-04-23 20:45:54 +02:00
Swissky
02484cee00
BUGFIX: API Payment
2018-04-23 18:46:09 +02:00
Swissky
9c5eade544
Update methodology - Bugfix
2018-04-23 18:44:49 +02:00
Swissky
f832022920
Drupalgeddon2 update + Payment API in Methodology
2018-04-23 18:41:59 +02:00
Swissky
f62d466340
Fix Golden Ticket
2018-04-15 16:02:27 +02:00
Swissky
b8fbca3347
AD Attack - Golden Ticket + SQL/OpenRed/SSRF
2018-04-12 23:23:41 +02:00
Swissky
e6b5dfa3de
Fix README broken links
2018-03-25 23:51:22 +02:00
Swissky
d1f6e8397d
Refactoring XSS 0/?
2018-03-23 13:53:53 +01:00
Swissky
30019235f8
SQLmap tips + Active Directory attacks + SQLite injections
2018-03-12 09:17:31 +01:00
Swissky
b87c3fd7ff
Traversal Dir + NoSQL major updates + small addons
2018-02-15 23:27:42 +01:00
Swissky
3793d91fd4
Mimikatz + Credential Windows + XXE update
2017-12-06 20:40:29 +01:00