mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-05-30 11:56:24 +02:00
Commit Graph

548 Commits

Author SHA1 Message Date
Markus d1345b0016
Update Hash Cracking Methodology
Add some structure to add additional tools.
Fix some typos.
Add online resources for cracking password hashes.
2021-10-11 17:08:46 +02:00
Swissky 883c35a9e5 Hash Cracking v0.1 2021-10-10 23:05:01 +02:00
p0dalirius 09b1b8984a Update Active Directory Attack.md 2021-10-06 09:05:49 +02:00
p0dalirius 8045496946 Update Active Directory Attack.md 2021-10-06 08:59:13 +02:00
p0dalirius 19b4bee7a0 Update Active Directory Attack.md 2021-10-06 08:54:16 +02:00
p0dalirius e0b8bee5a6 Update Active Directory Attack.md 2021-10-06 08:45:44 +02:00
p0dalirius 25b6003229 Update Active Directory Attack.md 2021-10-06 08:29:59 +02:00
p0dalirius ee53c960f0 Update Active Directory Attack.md 2021-10-06 08:24:51 +02:00
p0dalirius 6d816c6e4b Update Active Directory Attack.md 2021-10-06 08:23:07 +02:00
Podalirius 286b7c507e
Update Active Directory Attack.md 2021-10-06 08:15:51 +02:00
Swissky 000d1f9260
Merge pull request #426 from CravateRouge/patch-2
Add python check for ZeroLogon
2021-10-01 00:58:58 +02:00
CravateRouge 52d83bea5f
Add python check for ZeroLogon 2021-09-30 23:38:48 +02:00
CravateRouge 1cdd284f5b
Add Linux alternatives for GenericWrite abuse 2021-09-30 22:17:20 +02:00
Swissky d2f63406cd IIS + Certi + NetNTLMv1 2021-09-16 17:45:29 +02:00
Swissky 3af70155e2 DCOM Exec Impacket 2021-09-07 14:48:57 +02:00
Swissky 23438cc68e Mitigation NTLMv1 2021-09-07 10:22:39 +02:00
Swissky c8076e99c9 Net-NTLMv1 + DriverPrinter 2021-09-06 20:58:44 +02:00
Swissky 0f94adafe5 ESC2 + Windows Search Connectors - Windows Library Files 2021-09-01 14:10:53 +02:00
Swissky f89597725a
Merge pull request #416 from Bort-Millipede/master
Expression Language Injection One-Liners; XSS Payload; Fixed Linux Py…
2021-08-25 22:17:53 +02:00
Swissky 69b99826d2 AD CS Attacks 2021-08-25 22:14:44 +02:00
Jeffrey Cap 9bde75b32d Expression Language Injection One-Liners; XSS Payload; Fixed Linux Python IPv6 Reverse Shell Payload 2021-08-23 14:41:40 -05:00
Swissky fde99044c5 CS NTLM Relay 2021-08-22 23:03:02 +02:00
Swissky 87be30d3b2 DB2 Injection + ADCS 2021-08-10 23:00:19 +02:00
Swissky 7ab7664469
Merge pull request #399 from Bort-Millipede/master
New/Updated Python Linux Reverse Shells
2021-07-31 11:26:36 +02:00
Jeffrey Cap 37e69b6162 Revised Linux Python Reverse Shells; Added New Linux Python Reverse Shells 2021-07-26 20:55:49 -05:00
Swissky d9d4a54d03 RemotePotato0 + HiveNightmare 2021-07-26 21:25:56 +02:00
M4x 9086ff9d03
add missing header file 2021-07-26 16:04:39 +08:00
Swissky 3a4bd97762 AD CS - Mimikatz / Rubeus 2021-07-25 11:40:19 +02:00
Swissky 44735975a5 Active Directory update 2021-07-12 20:45:16 +02:00
Swissky 175c676f1e Tmux PrivEsc + PrintNightmare update 2021-07-12 14:42:18 +02:00
Alexandre ZANNI e2ff22b136
add CVE-2021-34527 + It Was All A Dream scanner 2021-07-08 10:40:01 +02:00
Swissky 2f8fc7bbb9 PrintNightmare - Mimikatz 2021-07-05 21:57:14 +02:00
Swissky 459f4c03fc Dependency Confusion + LDAP 2021-07-04 13:32:32 +02:00
Sean R. Abraham 1fcbd576fe
Fix typo in Linux - Persistence.md 2021-07-02 16:18:35 -06:00
Sameer Bhatt (debugger) 0b8293b135
Added Reverse Shell using Telnet.
2021-07-01 20:29:56 +05:30
Swissky 80816aee31 PrintNightmare - #385 2021-07-01 14:40:03 +02:00
Swissky 4e95162dc3 BadPwdCount attribute + DNS 2021-06-28 22:08:06 +02:00
Swissky ab0e487500 Cobalt Strike spunner + pivotnacci 2021-06-27 23:58:13 +02:00
leongross e31de3dd6b
Update Subdomains Enumeration.md 2021-06-25 09:17:27 +02:00
Swissky 85a7ac8a76 Shadow Credentials + AD CS Relay + SSSD KCM 2021-06-24 15:26:05 +02:00
Swissky a723a34449 PS Transcript + PPLdump.exe 2021-05-06 18:26:00 +02:00
soka a4bdabea83 Add AWS DynamoDB enumeration 2021-04-30 21:44:21 +02:00
Swissky 1592756f9c
Merge pull request #348 from pswalia2u/patch-1
Update Reverse Shell Cheatsheet.md
2021-04-26 10:05:59 +02:00
Swissky 08b59f2856 AD update CME+DCOM 2021-04-21 22:27:07 +02:00
Ryan Montgomery 7ae038d919
Update Reverse Shell Cheatsheet.md
Added: Automatic Reverse Shell Generator
2021-04-18 10:50:41 -04:00
clem9669 7a564cb859
Update Linux - Privilege Escalation.md
Fixing Markdown URL typo in writable network-scripts section
2021-04-15 10:07:43 +00:00
Micah Van Deusen f23de13d96
Added method to read gMSA 2021-04-10 10:58:05 -05:00
Ricardo 604618ed41
Improve Ruby reverse shell
Now the reverse shell supports the "cd" command and maintains persistence when an error is raised.
2021-04-02 16:36:58 -04:00
secnigma 059a866fd2
Added Netcat BusyBox
Some embedded systems like BusyBox won't have mkfifo present; instead, they will have mknod. This updated code can spawn a reverse shell on systems that use mknod instead of mkfifo.
2021-04-01 13:27:20 +05:30
pswalia2u 209380740b
Update Reverse Shell Cheatsheet.md
Added new Bash TCP reverse shell
2021-03-28 18:58:07 +05:30
Swissky 0443babe35 Relay + MSSQL Read File 2021-03-25 18:25:02 +01:00
Swissky f6b9d63bf8 DCOM exploitation and MSSQL CLR 2021-03-24 22:26:23 +01:00
Swissky bd2166027e GMSA Password + Dart Reverse Shell 2021-03-24 12:44:35 +01:00
cosmin-bianu 13d54a5c24
Fixed Java payload
- Declared variables
- Added semicolons at the end of each line
- Fixed the bash command
2021-03-12 13:20:15 +02:00
c14dd49h ca28c69e67
Update Active Directory Attack.md 2021-02-26 14:14:10 +01:00
Swissky 8d31b7240b Office Attacks 2021-02-21 20:17:57 +01:00
mpgn d1c23c5863
Unload the service mimi 2021-02-17 12:21:16 +01:00
mpgn 9be371d793
add mimikatz command to protect a process again after removing the protection
fe4e984055/mimikatz/modules/kuhl_m_kernel.c (L99)
2021-02-17 12:15:47 +01:00
Valentín Blanco 73f6ab940c
Update Windows - Privilege Escalation.md
Adding WES-NG which is a great and updated replacement for Windows-Exploit-Suggester.
2021-02-10 15:52:41 +01:00
Jakub 'unknow' Mrugalski 9244fe0480
[typo] changed sshs_config to sshd_config 2021-02-05 12:24:49 +01:00
Swissky 092083af5c AD - Printer Bug + Account Lock 2021-01-29 22:10:22 +01:00
PinkDev1 93769768e2
Added EoP - $PATH Interception 2021-01-28 19:45:54 +00:00
Swissky 01aadf3a44 Alternate Data Stream 2021-01-13 10:22:59 +01:00
lanjelot 5cfa93f98b Add new cloudsplaining tool to AWS Pentest page 2021-01-12 22:59:37 +11:00
Swissky 3a6ac550b8 DSRM Admin 2021-01-08 23:41:50 +01:00
Tim Gates 7846225bfd
docs: fix simple typo, accound -> account
There is a small typo in Methodology and Resources/Active Directory Attack.md.

Should read `account` rather than `accound`.
2020-12-23 09:16:40 +11:00
Swissky 16b207eb0b LAPS Password 2020-12-20 21:45:41 +01:00
Swissky 67752de6e9 Bronze Bit Attack 2020-12-18 22:38:30 +01:00
lanjelot e0c745cbf4 Fix AWS duplicated tool enumerate-iam 2020-12-18 22:52:21 +11:00
lanjelot 4b9baf37d3 Add dufflebag tool and cleanup 2020-12-18 22:45:07 +11:00
Swissky f7e8f515a5 Application Escape and Breakout 2020-12-17 08:56:58 +01:00
lanjelot 4c18e29a6b Fix links and duplicated nmap and massscan examples 2020-12-13 04:50:59 +11:00
Swissky 73fdd6e218 Mimikatz - Elevate token with LSA protection 2020-12-09 23:33:40 +01:00
Swissky 19a2950b8d AMSI + Trust 2020-12-08 14:31:01 +01:00
Swissky 78cc68674b
Merge pull request #296 from brnhrd/patch-1
Fix table of contents
2020-12-07 17:21:02 +01:00
Swissky f48ee0bca5 Deepce - Docker Enumeration, Escalation of Privileges and Container Escapes 2020-12-06 18:59:43 +01:00
Swissky 27050f6dd8 MSSQL Server Cheatsheet 2020-12-05 11:37:34 +01:00
Swissky e13f152b74 AD - Recon 2020-12-02 18:43:13 +01:00
brnhrd 15e44bdfe6
Fix table of contents 2020-12-02 14:19:59 +01:00
lanjelot bca107cc64 Move duplicated tool references into one place 2020-11-30 01:38:04 +11:00
lanjelot 10e6c075f7 Add tool nccgroup/s3_objects_check 2020-11-30 01:17:15 +11:00
Swissky b918095775 AzureHound 2020-11-24 12:41:34 +01:00
Abass Sesay 95b07c9e3e
Sorted the list of revshell options
Minuscule change because it was grinding my gears that the list is not sorted :-)
2020-11-14 09:20:49 -08:00
Swissky bd184487e5 NTLM Hashcat 2020-11-06 16:20:03 +01:00
Swissky 1137bfca8d Remote Desktop Services Shadowing 2020-10-30 21:10:00 +01:00
Gorgamite f9389d708b
Added winPEAS to windows privilege escalation tool
WinPEAS is a really thorough privesc enumeration tool for windows, you can find it here: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe
It doesn't auto exploit, but it's rather thorough and effective.
2020-10-29 03:57:40 -07:00
Swissky db533aabd4
Merge pull request #280 from Gorgamite/master
Added LinPEAS to Linux Privesc.
2020-10-29 11:56:44 +01:00
Gorgamite ff3b45e0b7
Added LinPEAS to Linux Privesc.
I very strongly recommend adding LinPEAS to the enumeration tools. LinPEAS is arguably the best linux privesc enumeration tool out there. If you haven't used it, I'd try it out. It highlights all relevant information with color coded text, and you can pass it parameters to control the thoroughness of the scan. You should add WinPEAS for windows privesc as well.
2020-10-29 03:50:05 -07:00
Gorgamite 1b69a3ef73
Update Linux - Privilege Escalation.md 2020-10-29 03:22:08 -07:00
Vincent Gilles 0b90094002 Fix(Docs): Correcting typos on the repo 2020-10-17 22:52:35 +02:00
marcan2020 693349da56
Add Python bind shell 2020-10-17 14:52:36 -04:00
Swissky 5a1ae58a59 Sticky Notes Windows + Cobalt SMB 2020-10-16 11:35:15 +02:00
Swissky 3368084b2d CS Beacon - SMB Error Code 2020-10-15 17:22:00 +02:00
Swissky b32f4754d7 Keytab + schtasks 2020-10-15 12:35:05 +02:00
Swissky 913f2d2381
Merge pull request #253 from yoavbls/add-cloudflared
Use cloudflared to expose internal services
2020-10-09 10:34:26 +02:00
Swissky 0f098c8a2c
Merge pull request #251 from ritiksahni/patch-1
Removed broken link
2020-10-09 10:33:43 +02:00
Swissky c9be68f0a1 Privilege File Write - Update 2020-10-08 16:51:11 +02:00
Swissky 0df0cc9cf8 Privileged File Write 2020-10-08 16:39:25 +02:00
Swissky 52b0cd6030 Ligolo Reverse Tunneling 2020-10-08 11:23:12 +02:00
YoavB dbddc717af Use cloudflared to expose internal service 2020-10-03 22:34:28 +03:00
ritiksahni 7e0e06682b
Removed broken link
bitrot.sh domain is expired and hence the link in the markdown file was broken.
2020-10-03 00:25:36 +05:30
@cnagy 50c12f2e71
Added cURL command for Wayback Machine querying 2020-10-02 15:26:57 +00:00
@cnagy ec1f89fbe6
Updated Responder link and added InveighZero 2020-10-02 04:39:09 +00:00
Swissky 837d2641b7 Persistence - Scheduled Tasks 2020-09-30 11:46:04 +02:00
Swissky 6c1a6c41aa Docker - Kernel Module 2020-09-27 13:53:13 +02:00
Swissky 0cee482b32
Merge pull request #239 from zero77/patch-1
Update Linux - Persistence.md
2020-09-23 17:30:32 +02:00
Swissky 229502c497
Update Linux - Persistence.md 2020-09-23 17:29:34 +02:00
Swissky 1a0e31a05e Zero Logon - Restore pwd 2020-09-18 21:21:55 +02:00
Swissky f4ef56fca0 Mimikatz Zerologon + reset pwd 2020-09-17 14:05:54 +02:00
Swissky 62678c26ce .NET Zero Logon 2020-09-16 14:31:59 +02:00
Swissky 14586e4d7a ZeroLogon via Mimikatz 2020-09-16 14:13:40 +02:00
Swissky e79918bdc2 CVE-2020-1472 Unauthenticated domain controller compromise 2020-09-14 23:06:09 +02:00
Swissky bcd700c951 AWS API calls that return credentials - kmcquade 2020-09-06 17:11:30 +02:00
zero77 f1d55a132a
Update Linux - Persistence.md 2020-09-02 09:43:25 +00:00
Swissky cc95f4e386 AD - Forest to Forest compromise 2020-08-18 09:33:38 +02:00
Justin Perdok f11c45650b
Update Active Directory Attack.md 2020-08-17 13:18:30 +00:00
Justin Perdok 1284715128
Update Active Directory Attack.md 2020-08-17 13:15:33 +00:00
Justin Perdok 6f3f2239fa
GenericWrite and Remote Connection Manager
Added content from https://sensepost.com/blog/2020/ace-to-rce/
2020-08-17 13:00:04 +00:00
Swissky 33129f2b4c Silver Ticket with services list 2020-08-09 19:25:03 +02:00
Swissky c7e3ea005e Powershell Remoting 2020-08-09 12:15:56 +02:00
Swissky 767eb04af6 Persistence - Typo 2020-07-21 19:48:57 +02:00
Swissky ca9326b5fc Driver Privilege Escalation 2020-07-13 15:00:36 +02:00
Swissky dd40ddd233 XSS summary subentries + GraphTCP 2020-07-12 14:44:33 +02:00
Artiom Mocrenco 62443a3753
fix typo 2020-07-08 18:01:12 +03:00
Artiom Mocrenco 2d7d6d6eed
Add TLS-PSK OpenSSL reverse shell method 2020-07-08 17:01:38 +03:00
Swissky 5b1a79cb56 Docker device file breakout 2020-07-04 19:00:56 +02:00
Swissky ecf29c2cbe Active Directory - Mitigations 2020-06-18 11:55:48 +02:00
Swissky 71ddb449ce Windows Persistence 2020-06-01 21:37:32 +02:00
Swissky 5323ceb37c SUDO CVE + Windows Drivers PrivEsc 2020-05-28 11:19:16 +02:00
Swissky 4ca5e71c2f Bind shell cheatsheet (Fix #194) 2020-05-24 14:09:46 +02:00
Swissky c1731041b5 Misc & Tricks Page + AMSI + Defender 2020-05-16 13:22:55 +02:00
Swissky eb074393df Windows Persistence - Binary replacing 2020-05-13 23:07:39 +02:00
Swissky a65fdbb568 XSW 4 Fix #205 2020-05-12 14:27:25 +02:00
Swissky e95a4aeac0 MSOL AD Spray 2020-05-11 17:08:03 +02:00
Swissky 3ed2b28e59 Add user /Y + GPO Powerview 2020-05-10 23:16:29 +02:00
Swissky 7f1c150edd Mimikatz Summary 2020-05-10 16:17:10 +02:00
joker2a 32b83da302
Update Linux - Privilege Escalation.md
Add new privesc for (Centos/Redhat)
Writable /etc/sysconfig/network-scripts/
2020-05-04 11:44:24 +02:00
guanicoe 1fc8b57c85
Update Windows - Privilege Escalation.md
added Get-Process to list processes
2020-05-03 21:11:01 +00:00
Swissky 5163ef902c XSS Google Scholar Payload + Skeleton Key Persistence 2020-05-03 16:28:17 +02:00
Swissky 04899355ad Magic Hashes + SQL fuzz 2020-04-26 21:43:42 +02:00
Th1b4ud 7c8e9ac4ce Typo 2020-04-22 16:01:49 +02:00
Th1b4ud 14d03b96a1 Linux privesc - SSH Key Predictable PRNG (Authorized_Keys) Process - Summary 2020-04-22 16:00:31 +02:00
Th1b4ud 2e507a2b2f Linux privesc - SSH Key Predictable PRNG (Authorized_Keys) Process 2020-04-22 15:55:10 +02:00
Th1b4ud 2740600a6b
Alternative TTY method with /usr/bin/script 2020-04-21 19:21:51 +02:00
Swissky 89f906f7a8 Fix issue - C reverse shell 2020-04-21 11:17:39 +02:00
Swissky af6760ef7a RoadRecon + JSON None refs 2020-04-17 16:34:51 +02:00
Th1b4ud 29194a8ef1
Add other shells to the reverse shell cheatsheet
2020-04-13 19:06:01 +02:00
Swissky 6e7af5a267 Docker Registry - Pull/Download 2020-04-04 18:27:41 +02:00
M4x 1d299f55c9
Delete unnecessary escape characters
`whoami` has already been wrapped in backquotes. There is no need to use escape characters again
2020-03-29 23:40:39 +08:00
Swissky be8f32b586 Docker escape and exploit 2020-03-29 16:48:09 +02:00
Swissky 95ab07b45e CloudTrail disable, GraphQL tool 2020-03-28 12:01:56 +01:00
guenicoe a3cc577ebd
added cmd on the USOSVC vuln
Added `cmd \c C:\Users\nc.exe` as not typing `cmd \c` did not work for me. Might need even more explanation
2020-03-24 20:15:59 +00:00
PixeL 1b190939c4
Remove example from win priv esc
This example was used on hackthebox where it leaked the root flag of a machine on free servers.
This resulted in every user being able to get the root flag before they have even completed the box which isn't fair to others.

This example should either be changed or removed completely to combat copy-pasting without knowing what you're doing.
2020-03-23 17:17:42 -05:00
Fanis Katsimpas 2bdbb2dbc5
Update Windows - Privilege Escalation.md
Make powershell on EoP - Runas easier to copy paste
2020-03-22 19:25:35 +00:00
Swissky 1538ccd7f2 Gaining AWS Console Access via API Keys 2020-03-19 11:59:49 +01:00
Swissky 1f3a94ba88 AWS SSM + Shadow copy attack 2020-03-06 15:30:38 +01:00
Swissky 5d87804f71 AWS EC2 Instance Connect + Lambda + SSM 2020-03-06 13:33:14 +01:00
Swissky c19e36ad34 Azure AD Connect - MSOL Account's password and DCSync 2020-03-01 17:06:31 +01:00
Swissky 71a307a86b AWS - EC2 copy image 2020-02-29 12:56:00 +01:00
Swissky 74f2dfccca Kerberos Constrained Delegation 2020-02-23 21:20:46 +01:00
Swissky c5ac4e9eff AWS Patterns 2020-02-23 20:58:53 +01:00
Swissky 915946a343 Fix Cloud Training 2020-02-21 10:50:43 +01:00
Swissky bda7100a77 Fix Cloud references 2020-02-21 10:47:16 +01:00
Swissky 984078050b Cloud - Pentest with AWS and Azure 2020-02-21 10:36:01 +01:00
Swissky 7f0650dfc0 IIS Raid Persistence 2020-02-20 16:51:22 +01:00
Swissky ba30618a8b Cobalt Strike - Artifact 2020-02-14 17:10:00 +01:00
Swissky 7cd49769be WMI + Cobalt Strike 2020-02-13 22:53:45 +01:00
Sameer Bhatt (debugger) 994e557178
Added more TTY Shell using perl and python 2020-02-09 12:46:18 +05:30
Swissky aba6874517 Maps API + secretsdump enabled user/pw last set + certutil mimikatz 2020-02-06 21:41:29 +01:00
socketz 056161fd9f
Updated Java & Groovy Shells
Added threaded shells and alternative pure Java reverse shell
2020-02-06 15:43:58 +01:00
antonioCoco 50a376337d
Update Reverse Shell Cheatsheet.md 2020-02-05 23:29:43 +01:00
Swissky fb76fdc331 Windows Firewall + DLL hijacking + Named pipes 2020-02-01 22:12:36 +01:00
Swissky be0397fa68 BloodHound ZIP + Zero Width space tip 2020-01-19 22:46:45 +01:00
Mehtab Zafar 8dc1e3c5fe
Update TTY shell command for python
Made the command use python3 because most machines now have python3 installed.
2020-01-10 17:57:53 +05:30
Ayoma Wijethunga 7f34c01794 Change IP and port to a common value across commands 2020-01-09 16:20:49 +05:30
Ayoma Wijethunga 96b9adb98b Change IP and port to a common value across commands 2020-01-09 16:17:35 +05:30
Swissky 742c7ee3c2 AppLocker rules 2020-01-06 23:03:54 +01:00
Swissky 71171fa78b SSRF exploiting WSGI 2020-01-05 22:11:28 +01:00
Swissky 3a9b9529cb Mimikatz - Credential Manager & DPAPI 2020-01-05 17:27:02 +01:00
Swissky 73abdeed71 Kerberos AD GPO 2020-01-05 16:28:00 +01:00
Swissky b052f78d95 Blacklist3r and Machine Key 2020-01-02 23:33:04 +01:00
György Demarcsek 9c188139ec
Added PHP reverse shell
This reverse shell payload for PHP works even if `exec` is disabled and/or the new socket is not on fd 3
2020-01-02 19:27:35 +01:00
Swissky 0a6ac284c9 AdminSDHolder Abuse 2019-12-30 19:55:47 +01:00
Swissky bcb24c9866 Abusing Active Directory ACLs/ACEs 2019-12-30 14:22:10 +01:00
Swissky 4b10c5e302 AD mitigations 2019-12-26 12:09:23 +01:00
Swissky 1535c5f1b3 Kubernetes - Privileged Service Account Token 2019-12-20 11:33:25 +01:00
Swissky cf5a4b6e97 XSLT injection draft 2019-12-17 21:13:59 +01:00
Swissky 896e262531 Privilege impersonation and GraphQL SQLi 2019-12-11 16:59:14 +01:00
Swissky 6f4a28ef66 Slim RCE + CAP list 2019-12-05 23:06:53 +01:00
Swissky c60f264664 RDP backdoor + RDP session takeover 2019-11-26 23:39:14 +01:00
Swissky 06864b0ff8 Password spraying rewrite + Summary fix 2019-11-25 23:35:20 +01:00
Swissky 3abaa3e23d Linux AD - Keyring, Keytab, CCACHE 2019-11-25 23:12:06 +01:00
Swissky 00684a10cd IIS asp shell with .asa, .cer, .xamlx 2019-11-16 14:53:42 +01:00
Swissky 639dc9faec .url file in writeable share 2019-11-14 23:54:57 +01:00
Swissky 3a384c34aa Password spray + AD summary re-org 2019-11-14 23:37:51 +01:00
Swissky 7f266bfda8 mitm ipv6 + macOS kerberoasting 2019-11-14 23:26:13 +01:00
M4x 221b353030
fix invalid link 2019-11-14 16:59:52 +08:00
Swissky 43f185d289 CVE-2019-1322 UsoSvc 2019-11-11 20:31:07 +01:00
Swissky f6d5221a85 SID history break trust + Powershell history + SCF files 2019-11-07 23:21:00 +01:00
Swissky 24516ca7a1 Kubernetes attacks update + ref to securityboulevard 2019-11-05 11:05:59 +01:00
Swissky 60050219b7 Impersonating Office 365 Users on Azure AD Connect 2019-11-04 21:43:44 +01:00
Dave 775d10c256
Fix awk snippet
A small typo in the awk one-liner prevents successful execution of the command.

```
awk: cmd. line:1: warning: remote host and port information (10.0.0.1>, 4242) invalid: Name or service not known
awk: cmd. line:1: fatal: can't open two way pipe `/inet/tcp/0/10.0.0.1>/4242' for input/output (No such file or directory)
```

This commit fixes this :)
2019-11-03 16:07:16 +00:00
Dave 6b22d53257
Fix lua reverse shell quote issue
The single quotes around `io.popen` prevented the one-liner from being executed.
This change should fix that :)
2019-10-29 19:31:07 +00:00
Hi15358 34d8853728
Merge pull request #1 from Hi15358/patch-1
Patch 1
2019-10-29 16:30:58 +08:00
Swissky 727eb5cabd Drop the MIC 2019-10-21 23:00:27 +02:00
Swissky 11fc6e4bc5 NTLM relay + MS08-068 2019-10-20 22:09:36 +02:00
Hi15358 b54142c3a2
Update Reverse Shell Cheatsheet.md 2019-10-21 02:35:13 +08:00
Swissky ed252df92e krb5.keytab + credential use summary 2019-10-20 13:25:06 +02:00
Swissky 7159a3ded3 RODC dcsync note + Dumping AD Domain summary 2019-10-18 00:07:09 +02:00
OOP f0af3b4f4d
Update Active Directory Attack.md 2019-10-15 23:18:07 +07:00
Swissky 357658371f SSRF URL for Google Cloud 2019-10-06 20:59:58 +02:00
Mark 3fb2a9006f
Add Spyse to network discovery
1. spyse itself
2. python wrapper - uses only a part of the available functionality of spyse, but will be updated very soon.
2019-09-30 15:26:26 +04:00
Swissky 3221197b1e RCE vBulletin + findomain 2019-09-26 20:41:01 +02:00
Swissky 742e3204d3 SharpPersist - Windows Persistence 2019-09-13 17:38:23 +02:00
Swissky 5455c30ec7 Juicy Potato + XXE update 2019-09-08 19:44:51 +02:00
Swissky 2b1900e046 PrivEsc - sudoers + Upload PHP 2019-09-02 12:36:40 +02:00
Swissky 3ca07aeb7a Docker Privesc - Unix socket 2019-08-30 17:25:07 +02:00
Alexandre ZANNI 72c54b5c1b
add missing backtick 2019-08-29 09:49:09 +02:00
Swissky bb305d0183 Network Discovery - Masscan update 2019-08-29 01:08:26 +02:00
Swissky 6c161f26b2 JWT None alternative + MS15-051 2019-08-22 23:03:48 +02:00
David B 3fd0791c2a
Update Linux - Privilege Escalation.md
Adding a tool that helps with privilege escalation on linux through SUDO.
2019-08-19 00:55:30 +02:00
Swissky 8dffb59ac5 Pspy + Silver Ticket + MSSQL connect 2019-08-18 22:24:48 +02:00
Swissky 4a176615fe CORS Misconfiguration 2019-08-18 12:08:51 +02:00
Swissky b6697d8595 SSRF SVG + Windows Token getsystem 2019-08-15 18:21:06 +02:00
Swissky bd449e9cea XSS PostMessage 2019-08-03 23:22:14 +02:00
Swissky 6baa446144 Directory Traversal CVE 2018 Spring 2019-07-27 13:02:16 +02:00
Swissky 98124178db EoP - Juicy Potato 2019-07-26 15:29:34 +02:00
Swissky 657823a353 PTH Mitigation + Linux Smart Enumeration 2019-07-26 14:24:58 +02:00
Swissky f6c0f226af PXE boot attack 2019-07-25 14:08:32 +02:00
Swissky 859695e2be Update PrivExchange based on chryzsh blog post 2019-07-24 14:10:58 +02:00
Swissky a14b3af934 Active Directory - Resource Based Constrained Delegation 2019-07-22 21:45:50 +02:00
Swissky 45af613fd9 Active Directory - Unconstrained delegation 2019-07-17 23:17:35 +02:00
Swissky 13ba72f124 GraphQL + RDP Bruteforce + PostgreSQL RCE 2019-07-01 23:29:29 +02:00
Swissky 46780de750 PostgreSQL rewrite + LFI SSH 2019-06-29 19:23:34 +02:00
Swissky 144b3827ab MS14-068 + /etc/security/opasswd 2019-06-29 17:55:13 +02:00
Swissky 9be62677b6 Add root user + PHP null byte version 2019-06-24 00:21:39 +02:00
Swissky 9745e67465 HQL Injection + references update 2019-06-16 23:45:52 +02:00
Dan Borges 24a05c7098
Update Windows - Privilege Escalation.md 2019-06-11 11:51:09 -07:00
Swissky 8cec2e0ca3 Linux PrivEsc - Writable files 2019-06-10 11:09:02 +02:00
Swissky 94a60b43d6 Writable /etc/sudoers + Meterpreter autoroute 2019-06-10 11:00:54 +02:00
Swissky a85fa5af28 Local File Include : rce via mail + kadimus 2019-06-10 00:05:47 +02:00
Swissky 5d4f65720a PrivEsc - Common Exploits 2019-06-09 20:53:41 +02:00
Swissky e8cd11f88f plink + sshuttle : Network Pivoting Techniques 2019-06-09 18:13:15 +02:00
Swissky adcea1a913 Linux PrivEsc + SSH persistency 2019-06-09 16:05:44 +02:00
Swissky f5a8a6b62f Meterpreter shell 2019-06-09 14:26:14 +02:00
Swissky 93f6c03b54 GraphQL + LXD/etc/passwd PrivEsc + Win firewall 2019-06-09 13:46:40 +02:00
Swissky f88da43e1c SQL informationschema.processlist + UPNP warning + getcap -ep 2019-05-25 18:19:08 +02:00
Swissky 9c2e63818f XSS without parenthesis, semi-colon + Lontara 2019-05-15 21:55:17 +02:00
Swissky b81df17589 RFI - Windows SMB allow_url_include = "Off" 2019-05-12 22:23:55 +02:00
Swissky bab04f8587 Masscan + AD password in description + ZSH revshell bugfix + Mimikatz lsass.dmp 2019-05-12 21:34:09 +02:00