Swissky
0d6d6049ce
AD + Log4shell + Windows Startup
2021-12-16 09:52:51 +01:00
Swissky
5714b9c9d7
samAccountName spoofing + Java RMI
2021-12-13 20:42:31 +01:00
Swissky
10974722b1
BloodHound Custom Queries + MSSQL CLR
2021-12-12 23:04:35 +01:00
CravateRouge
8da5f36f85
Add alternatives for AD ACL abuse from Linux
2021-11-15 17:36:05 +01:00
Swissky
3366f5eaac
Merge pull request #445 from NirLevy98/reverse_shell_delete-unused-imports
...
Delete unused import
2021-11-07 21:16:37 +01:00
Swissky
7d9dd6806e
Powershell Cheatsheet
2021-11-06 19:14:47 +01:00
Swissky
1c8067a150
Relaying with WebDav Trick + Shadow Credential
2021-10-30 21:04:23 +02:00
Swissky
e3373dd108
UnPAC The Hash + MachineKeys.txt
2021-10-26 21:56:39 +02:00
Swissky
1a3058f40c
Device Code Phish
2021-10-24 20:07:46 +02:00
Nir
4207479cce
Delete unused imports
2021-10-16 11:33:38 +03:00
Markus
6584df310f
Update Windows - Persistence.md
...
Add example to `disable windows defender` which uses MpCmdRun.exe to reset the current definitions. I recently used this and it was sufficient, that defender did not recognize previously flagged malicious files. It is quite helpful in case, that Set-MpPreference is not present or that the attacker is not allowed to adjust the service.
2021-10-14 08:53:25 +02:00
marcan2020
39a89e937a
Update breakout techniques
...
- Add a section on unassociated protocols
- Add paths to access filesystem via the address bar
- Fix Stick Keys link
- Fix Task Manager shortcut
- Add reference to HackTricks
2021-10-11 13:53:19 -04:00
Markus
d1345b0016
Update Hash Cracking Methodology
...
Add some structure to add additional tools.
Fix some typo.
Add online resources for cracking password hashes.
2021-10-11 17:08:46 +02:00
Swissky
883c35a9e5
Hash Cracking v0.1
2021-10-10 23:05:01 +02:00
p0dalirius
09b1b8984a
Update Active Directory Attack.md
2021-10-06 09:05:49 +02:00
p0dalirius
8045496946
Update Active Directory Attack.md
2021-10-06 08:59:13 +02:00
p0dalirius
19b4bee7a0
Update Active Directory Attack.md
2021-10-06 08:54:16 +02:00
p0dalirius
e0b8bee5a6
Update Active Directory Attack.md
2021-10-06 08:45:44 +02:00
p0dalirius
25b6003229
Update Active Directory Attack.md
2021-10-06 08:29:59 +02:00
p0dalirius
ee53c960f0
Update Active Directory Attack.md
2021-10-06 08:24:51 +02:00
p0dalirius
6d816c6e4b
Update Active Directory Attack.md
2021-10-06 08:23:07 +02:00
Podalirius
286b7c507e
Update Active Directory Attack.md
2021-10-06 08:15:51 +02:00
Swissky
000d1f9260
Merge pull request #426 from CravateRouge/patch-2
...
Add python check for ZeroLogon
2021-10-01 00:58:58 +02:00
CravateRouge
52d83bea5f
Add python check for ZeroLogon
2021-09-30 23:38:48 +02:00
CravateRouge
1cdd284f5b
Add Linux alternatives for GenericWrite abuse
2021-09-30 22:17:20 +02:00
Swissky
d2f63406cd
IIS + Certi + NetNTLMv1
2021-09-16 17:45:29 +02:00
Swissky
3af70155e2
DCOM Exec Impacket
2021-09-07 14:48:57 +02:00
Swissky
23438cc68e
Mitigation NTLMv1
2021-09-07 10:22:39 +02:00
Swissky
c8076e99c9
Net-NTLMv1 + DriverPrinter
2021-09-06 20:58:44 +02:00
Swissky
0f94adafe5
ESC2 + Windows Search Connectors - Windows Library Files
2021-09-01 14:10:53 +02:00
Swissky
f89597725a
Merge pull request #416 from Bort-Millipede/master
...
Expression Language Injection One-Liners; XSS Payload; Fixed Linux Py…
2021-08-25 22:17:53 +02:00
Swissky
69b99826d2
AD CS Attacks
2021-08-25 22:14:44 +02:00
Jeffrey Cap
9bde75b32d
Expression Language Injection One-Liners; XSS Payload; Fixed Linux Python IPv6 Reverse Shell Payload
2021-08-23 14:41:40 -05:00
Swissky
fde99044c5
CS NTLM Relay
2021-08-22 23:03:02 +02:00
Swissky
87be30d3b2
DB2 Injection + ADCS
2021-08-10 23:00:19 +02:00
Swissky
7ab7664469
Merge pull request #399 from Bort-Millipede/master
...
New/Updated Python Linux Reverse Shells
2021-07-31 11:26:36 +02:00
Jeffrey Cap
37e69b6162
Revised Linux Python Reverse Shells; Added New Linux Python Reverse Shells
2021-07-26 20:55:49 -05:00
Swissky
d9d4a54d03
RemotePotato0 + HiveNightmare
2021-07-26 21:25:56 +02:00
M4x
9086ff9d03
add missing header file
2021-07-26 16:04:39 +08:00
Swissky
3a4bd97762
AD CS - Mimikatz / Rubeus
2021-07-25 11:40:19 +02:00
Swissky
44735975a5
Active Directory update
2021-07-12 20:45:16 +02:00
Swissky
175c676f1e
Tmux PrivEsc + PrintNightmare update
2021-07-12 14:42:18 +02:00
Alexandre ZANNI
e2ff22b136
add CVE-2021-34527 + It Was All A Dream scanner
2021-07-08 10:40:01 +02:00
Swissky
2f8fc7bbb9
PrintNightmare - Mimikatz
2021-07-05 21:57:14 +02:00
Swissky
459f4c03fc
Dependency Confusion + LDAP
2021-07-04 13:32:32 +02:00
Sean R. Abraham
1fcbd576fe
Fix typo in Linux - Persistence.md
2021-07-02 16:18:35 -06:00
Sameer Bhatt (debugger)
0b8293b135
Added Reverse Shell using Telnet
...
Added Reverse Shell using Telnet.
2021-07-01 20:29:56 +05:30
Swissky
80816aee31
PrintNightmare - #385
2021-07-01 14:40:03 +02:00
Swissky
4e95162dc3
BadPwdCount attribute + DNS
2021-06-28 22:08:06 +02:00
Swissky
ab0e487500
Cobalt Strike spunner + pivotnacci
2021-06-27 23:58:13 +02:00
leongross
e31de3dd6b
Update Subdomains Enumeration.md
2021-06-25 09:17:27 +02:00
Swissky
85a7ac8a76
Shadow Credentials + AD CS Relay + SSSD KCM
2021-06-24 15:26:05 +02:00
Swissky
a723a34449
PS Transcript + PPLdump.exe
2021-05-06 18:26:00 +02:00
soka
a4bdabea83
Add AWS DynamoDB enumeration
2021-04-30 21:44:21 +02:00
Swissky
1592756f9c
Merge pull request #348 from pswalia2u/patch-1
...
Update Reverse Shell Cheatsheet.md
2021-04-26 10:05:59 +02:00
Swissky
08b59f2856
AD update CME+DCOM
2021-04-21 22:27:07 +02:00
Ryan Montgomery
7ae038d919
Update Reverse Shell Cheatsheet.md
...
Added: Automatic Reverse Shell Generator
2021-04-18 10:50:41 -04:00
clem9669
7a564cb859
Update Linux - Privilege Escalation.md
...
Fixing Markdow URL typo in writable network-scripts section
2021-04-15 10:07:43 +00:00
Micah Van Deusen
f23de13d96
Added method to read gMSA
2021-04-10 10:58:05 -05:00
Ricardo
604618ed41
Improve Ruby reverse shell
...
Now the reverse shell supports the "cd" command and maintains persistence when an error is raised.
2021-04-02 16:36:58 -04:00
secnigma
059a866fd2
Added Netcat BusyBox
...
Some embedded systems like busybox won't have mkfifo present; instead, they will have mknod. This updated code can spawn reverse shell in systems that use mknod instead of mkfifo.
2021-04-01 13:27:20 +05:30
pswalia2u
209380740b
Update Reverse Shell Cheatsheet.md
...
Added new Bash TCP reverse shell
2021-03-28 18:58:07 +05:30
Swissky
0443babe35
Relay + MSSQL Read File
2021-03-25 18:25:02 +01:00
Swissky
f6b9d63bf8
DCOM exploitation and MSSQL CLR
2021-03-24 22:26:23 +01:00
Swissky
bd2166027e
GMSA Password + Dart Reverse Shell
2021-03-24 12:44:35 +01:00
cosmin-bianu
13d54a5c24
Fixed Java payload
...
- Declared variables
- Added semicolons at the end of each line
- Fixed the bash command
2021-03-12 13:20:15 +02:00
c14dd49h
ca28c69e67
Update Active Directory Attack.md
2021-02-26 14:14:10 +01:00
Swissky
8d31b7240b
Office Attacks
2021-02-21 20:17:57 +01:00
mpgn
d1c23c5863
Unload the service mimi
2021-02-17 12:21:16 +01:00
mpgn
9be371d793
add mimikatz command to protect a process again after removing the protection
...
fe4e984055/mimikatz/modules/kuhl_m_kernel.c (L99)
2021-02-17 12:15:47 +01:00
Valentín Blanco
73f6ab940c
Update Windows - Privilege Escalation.md
...
Adding WES-NG which is a great and updated replacement for Windows-Exploit-Suggester.
2021-02-10 15:52:41 +01:00
Jakub 'unknow' Mrugalski
9244fe0480
[typo] changed sshs_config to sshd_config
2021-02-05 12:24:49 +01:00
Swissky
092083af5c
AD - Printer Bug + Account Lock
2021-01-29 22:10:22 +01:00
PinkDev1
93769768e2
Added EoP - $PATH Interception
2021-01-28 19:45:54 +00:00
Swissky
01aadf3a44
Alternate Data Stream
2021-01-13 10:22:59 +01:00
lanjelot
5cfa93f98b
Add new cloudsplaining tool to AWS Pentest page
2021-01-12 22:59:37 +11:00
Swissky
3a6ac550b8
DSRM Admin
2021-01-08 23:41:50 +01:00
Tim Gates
7846225bfd
docs: fix simple typo, accound -> account
...
There is a small typo in Methodology and Resources/Active Directory Attack.md.
Should read `account` rather than `accound`.
2020-12-23 09:16:40 +11:00
Swissky
16b207eb0b
LAPS Password
2020-12-20 21:45:41 +01:00
Swissky
67752de6e9
Bronze Bit Attack
2020-12-18 22:38:30 +01:00
lanjelot
e0c745cbf4
Fix AWS duplicated tool enumerate-iam
2020-12-18 22:52:21 +11:00
lanjelot
4b9baf37d3
Add dufflebag tool and cleanup
2020-12-18 22:45:07 +11:00
Swissky
f7e8f515a5
Application Escape and Breakout
2020-12-17 08:56:58 +01:00
lanjelot
4c18e29a6b
Fix links and duplicated nmap and massscan examples
2020-12-13 04:50:59 +11:00
Swissky
73fdd6e218
Mimikatz - Elevate token with LSA protection
2020-12-09 23:33:40 +01:00
Swissky
19a2950b8d
AMSI + Trust
2020-12-08 14:31:01 +01:00
Swissky
78cc68674b
Merge pull request #296 from brnhrd/patch-1
...
Fix table of contents
2020-12-07 17:21:02 +01:00
Swissky
f48ee0bca5
Deepce - Docker Enumeration, Escalation of Privileges and Container Escapes
2020-12-06 18:59:43 +01:00
Swissky
27050f6dd8
MSSQL Server Cheatsheet
2020-12-05 11:37:34 +01:00
Swissky
e13f152b74
AD - Recon
2020-12-02 18:43:13 +01:00
brnhrd
15e44bdfe6
Fix table of contents
2020-12-02 14:19:59 +01:00
lanjelot
bca107cc64
Move duplicated tool references into one place
2020-11-30 01:38:04 +11:00
lanjelot
10e6c075f7
Add tool nccgroup/s3_objects_check
2020-11-30 01:17:15 +11:00
Swissky
b918095775
AzureHound
2020-11-24 12:41:34 +01:00
Abass Sesay
95b07c9e3e
Sorted the list of revshell options
...
Miniscule change because it was grinding my grinding my gears that the list is not sorted :-)
2020-11-14 09:20:49 -08:00
Swissky
bd184487e5
NTLM Hashcat
2020-11-06 16:20:03 +01:00
Swissky
1137bfca8d
Remote Desktop Services Shadowing
2020-10-30 21:10:00 +01:00
Gorgamite
f9389d708b
Added winPEAS to windows privilege escalation tool
...
WinPEAS is a really thorough privesc enumeration tool for windows, you can find it here: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe
It doesn't auto exploit, but it's rather thorough and effective.
2020-10-29 03:57:40 -07:00
Swissky
db533aabd4
Merge pull request #280 from Gorgamite/master
...
Added LinPEAS to Linux Privesc.
2020-10-29 11:56:44 +01:00
Gorgamite
ff3b45e0b7
Added LinPEAS to Linux Privesc.
...
I very strongly recommend adding LinPEAS to the enumeration tools. LinPEAS is arguably the best linux privesc enumeration tool out there. If you haven't used it, I'd try it out. It highlights all relevant information with color coded text, and you can pass it parameters to control the thoroughness of the scan. You should add WinPEAS for windows privesc as well.
2020-10-29 03:50:05 -07:00