Recently Updated Pages
Export a Proxmox VM to VirtualBox
Example VM I want to export the pfsense-deleteme VM and import it into VirtualBox. The procedure...
VirtualBox: Getting Rid of the Turtle
Problem Microsoft has continued to push many aspects of Windows security under the Hyper-V platf...
File Transfer Techniques
TFTP If the target has a TFTP client installed, Metasploit has a TFTP server you can run ad-hoc ...
xfreerdp
Usage and Help Display the xfreerdp man page man xfreerdp Display the xfreerdp help output on ...
POP3
Create the Config File nano ./username-muttrc You should only need to change the username, pass...
IMAP
Create the Config File nano ./username-muttrc You should only need to change the username, pass...
Change to KDE Plasma Desktop Environment
Installing KDE Plasma Official Documentation: https://www.kali.org/docs/general-use/switching-de...
Port Forwarding with Chisel
GitHub Download from the Releases Page Usage Requires a copy of the Chisel binary on: The...
Enumerating Hosts and Identifying the Domain Controllers
Enumerating Live Hosts Internal ARP-Scan Since this is an internal assessment, Kali is on the ...
Using Faketime for Ad-Hoc Kerberos Authentication
Installing Faketime sudo apt install faketime faketime -h This will run the specified 'progr...
Extracting Kerberos AS-REQ Pre-Auth Hashes from PCAPs
PCAP Analysis Note the existence of KRB5 protocol traffic on tcp/88, which is further identifi...
Kerberos Pre-Auth Username Enumeration
How it Works We can send a request for a TGT --- without a pre-authentication hash --- to the Ke...
NTLM Credential Stuffing (Internal/External)
NTLM Basic Authentication Could obtain a list of usernames via OSINT, or via something like RI...
AS-REP Roasting (Internal/External)
AS-REP Roasting If Kerberos pre-authentication is disabled on a user account in Active Directory...
NULL Session Enumeration (Internal/External)
NULL Session LDAP, SMB, and RPC may allow a user to authenticate to the service without providin...
CrackMapExec
When to Use Useful post-compromise if you've dumped hashes from SAM or LSASS or obtained clearte...
GetUserSPNs.py
When to Use Useful in post-compromise enumeration. If you acquire user passwords or hashes for a...
GetADUsers.py
When to Use Helpful in post-compromise enumeration. If you've compromised a domain-joined host, ...
Dumping DNS Records with adidnsdump
Active Directory Integrated DNS Dump (adidnsdump) GitHub Repository Installation python3 -m pi...
LdapDomainDump
When to Use You'll know when you've found a domain controller, because it will have ...