Recently Updated Pages

Find Hash Format Modules Find supported hash types # Field 1 is the Format label # Field 7 is ...

SALT=$(openssl rand -base64 6) # Salted MD5 openssl passwd -1 -salt $SALT your_password # Salt...

Enable SSH Server Capability Get-WindowsCapability -Online -Name 'OpenSSH.Server*' | Add-Windows...

Overview Tokens are temporary keys that allow a user to perform actions on a system or network w...

Overview GPP allows admins to create policies with embedded credentials. The credentials are enc...

Local Privilege Escalation https://github.com/calebstewart/CVE-2021-1675

Overview https://github.com/gentilkiwi/mimikatz There are various spin-offs of the Mimikatz pro...

Caution This can potentially break a domain controller, due the fact that this attack temporaril...

Details Enum4linux is a tool for enumerating information from Windows and Samba systems. It at...

When to Use    You'll know when you've found a domain controller, because it will have ...

Borrow a DLL Normally, one must install RSAT (Remote Server Administration Tools) on a host to m...

Current User Example would be if you have LFI or some other means to read from the local file sy...

Project Github https://github.com/hashcat/maskprocessor Example Usage You have a base pass...

The goal of this blog is to share technical and educational content that is: Well-documented ...

WinRM runs on TCP port 5985 for unencrypted sessions and 5986 for encrypted sessions. # Open a P...

If the target has a TFTP client installed, Metasploit has a TFTP server you can run ad-hoc on you...

Listener on Attack Box # Start a listener on the attack box and create a file when received soc...

SCP Syntax Review The most fundamental syntax for using scp is this: # Password Authentication ...

Multipart/Form-Data Example Example Web Form Consider the following web form... File Uploa...

nano serv.py import http.server bind_address='0.0.0.0' port=80 class CustomRequestHandl...