Skip to main content

Recently Updated Pages

Have I Helped You Today?

The goal of this blog is to share technical and educational content that is: Well-documented ...

Updated 5 days ago by 0xBEN

Multipart Forms and Boundary Parameters

Web General

Multipart/Form-Data Example Example Web Form Consider the following web form... File Uploa...

Updated 3 weeks ago by 0xBEN

Using an Ad-Hoc Python Web Server to Catch HTTP Client Requests

Web Ad-Hoc Web Servers to Catch HTTP Client...

nano serv.py import http.server bind_address='0.0.0.0' port=80 class CustomRequestHandl...

Updated 4 weeks ago by 0xBEN

Computer Programming: Compiled vs Interpreted Languages

PJPT & PNPT Study Group Lessons Session 2: Nov. 13, 2023

Compiled vs Interpreted Languages Example Interpreted (Scripting) Languages Bash JavaScript ...

Updated 1 month ago by 0xBEN

Spawn Processes as Other Users

Active Directory Post Exploitation: Attacks

RunasCs.exe Project GitHub https://github.com/antonioCoco/RunasCs/releases Example Usage Spaw...

Updated 1 month ago by 0xBEN

Installing Wine and Wine Dependencies

Kali Optimizations

Considerations I urge you to consider taking a snapshot of your Kali instance at its current sta...

Updated 1 month ago by 0xBEN

John the Ripper Help Tricks

Hash Cracking John the Ripper

Find Hash Format Modules Find supported hash types # Field 1 is the Format label # Field 7 is ...

Updated 1 month ago by 0xBEN

Hashcat Help Tricks

Hash Cracking hashcat

Find Hash Format Modules Find supported hash types hashcat -h | grep -i <hash_type> Show info ...

Updated 1 month ago by 0xBEN

Using an Ad-Hoc Nginx Server to Catch-Web Requests

Web Ad-Hoc Web Servers to Catch HTTP Client...

Set up Custom Logging sudo apt install -y libnginx-mod-http-lua Install Nginx LUA libraries ...

Updated 1 month ago by 0xBEN

File Transfer Techniques

File Transfers and Data Exfiltration

TFTP If the target has a TFTP client installed, Metasploit has a TFTP server you can run ad-hoc ...

Updated 1 month ago by 0xBEN

Windows File Downloads

File Transfers and Data Exfiltration

PowerShell [System.Net.WebClient]::new().DownLoadFile(uri, outpath) # Exampe [System.Net.WebClie...

Updated 1 month ago by 0xBEN

Burp Chromium Browser Always Upgrades to TLS

Web Burp Suite

Problem In the browser, you enter http://domain.tld or http://10.10.10.10 for example. If you're...

Updated 1 month ago by 0xBEN

Change to KDE Plasma Desktop Environment

Kali Optimizations

Installing KDE Plasma Official Documentation: https://www.kali.org/docs/general-use/switching-de...

Updated 1 month ago by 0xBEN

Using Faketime for Ad-Hoc Kerberos Authentication

Active Directory Initial Attack Vectors

Installing Faketime sudo apt install faketime faketime -h This will run the specified 'progr...

Updated 1 month ago by 0xBEN

Remote Bloodhound

Active Directory Post Exploitation: Enumeration

GitHub Repo Prerequisites impacket ldap3 dnspython  Installation python3 -m pip insta...

Updated 1 month ago by 0xBEN

Kerberos Pre-Auth Username Enumeration

Active Directory Initial Attack Vectors

How it Works We can send a request for a TGT --- without a pre-authentication hash --- to the Ke...

Updated 1 month ago by 0xBEN

AS-REP Roasting (Internal/External)

Active Directory Initial Attack Vectors

AS-REP Roasting If Kerberos pre-authentication is disabled on a user account in Active Directory...

Updated 1 month ago by 0xBEN

Generate Hashes Passwd Overwrite

Linux

SALT=$(openssl rand -base64 6) # Salted MD5 openssl passwd -1 -salt $SALT your_password # Salt...

Updated 2 months ago by 0xBEN

Computer Networking: IP Addressing and Subnetting

PJPT & PNPT Study Group Lessons Session 2: Nov. 13, 2023

IP Addressing Common Computer Numbering Systems Binary (base 2) -- 0 to 1 Octal (base 8) -- ...

Updated 2 months ago by 0xBEN

VirtualHost Enumeration

Web gobuster

VirtualHosts Examples In the diagram above, this is the valid way to use virtual hosts. You cr...

Updated 2 months ago by 0xBEN