Search Results

166 total results found

Computer Programming

scripting
programming
code

Hydra

hydra
brute-force
credential-spraying
password-spraying
web
ssh
mail

Printers

Everyone loves to hate them (and with good reason)

information-technology
printers

SSH Port Forwarding

Network Pivoting Port Forwarding

Security Considerations Reverse Tunneling This will require you to establish an SSH connection from the foothold back to your attack box. You want to mitigate any potential for this authentication to be used against you Public Key Authentication Say ...

networking
proxying
port-forwarding
ssh
pivoting

Windows File Downloads

File Transfers and Data Exfiltration

PowerShell [System.Net.WebClient]::new().DownloadFile(uri, outpath) # Example [System.Net.WebClient]::new().DownloadFile('http://somesite.com/file.txt', 'C:\Users\username\Desktop\file.txt') # Older versions of PS $wc = New-Object System.Net.WebClient $wc.Dow...

VirtualHost Enumeration

Web gobuster

VirtualHosts Examples .iframe-container { position: relative; overflow: hidden; width: 100%; /*specify aspect ratios as fractions*/ aspect-ratio: 4/3; } .responsive-iframe { position: absolute; top: 0; left: 0; bottom: 0; right: 0; widt...

apache
nginx
enumeration
web
vhost
virtualhost

Directory and File Enumeration

Web gobuster

Serving Files From a Web Server NGINX /etc/nginx/sites-available/example.com.conf server { listen 80; server_name www.example.com; root /var/www/example.com; index index.html; location / { try_files ...

Parameter and Value Fuzzing

Web gobuster

Serving Files From a Web Server NGINX /etc/nginx/sites-available/example.com.conf server { listen 80; server_name www.example.com; root /var/www/example.com; index index.html; location / { try_files ...

Dumping Hashes without Mimikatz

Active Directory Post Exploitation: Attacks

Post-Compromise on Target Lsass Process Dump Sysinternals ProcDump Download ProcDump here # Dump the in-memory data from the process procdump.exe -accepteula -ma lsass.exe out.dmp # If blocked by AV or EDR, try passing the process ID procdump.exe -acc...

Disable Terminal Chime

Linux Administration

Linux User Scope Set this line in ~/.inputrc set bell-style none Then, run this command: bind -f ~/.inputrc System Wide Set this line in /etc/inputrc set bell-style none Then, run this command: bind -f /etc/inputrc Vim - User Scope Add this line to ~/.vi...

File Transfer Techniques

File Transfers and Data Exfiltration

TFTP If the target has a TFTP client installed, Metasploit has a TFTP server you can run ad-hoc on your attack box to transfer files https://www.rapid7.com/db/modules/auxiliary/server/tftp/ Attack Box Side # Start Metasploit Framework sudo msfconsole # ...

Defining the Inventory

Ansible Automation with Ansible

Defining the Inventory The inventory is everything when it comes to Ansible. Your inventory is your set of hosts to be managed by Ansible. It could be a handful of hosts to a few hundred hosts. The default location for global Ansible configurations is ...

Defining Group Variables and Protecting Secrets

Ansible Automation with Ansible

Group Variables Back on Defining the Inventory, you may remember that we broke the inventory up into groups. Groups are a convenient way to break hosts up into units like: Operating system Region Category Using the operating system grouping system, you could...

Example Playbook from Start to Finish

Ansible Automation with Ansible

Configuring Ansible Copy the global config to my home directory. That way, I'll keep my Ansible environment how I like it. cp /etc/ansible/ansible.cfg ~/.ansible.cfg # Create a directory to store my inventory mkdir ~/.ansible # Create a file to use fo...

Automating with AWS Secrets Manager

Ansible Automation with Ansible

Use Case In this scenario the following is true: You have an Ansible server in AWS You have AWS EC2 instances you'd like to manage as inventory Define a Secrets Naming Scheme You'll want your Ansible server to be able to hit the AWS Secrets Manager ...

Port Forwarding with Chisel

Network Pivoting Port Forwarding

GitHub Download from the Releases Page Usage Requires a copy of the Chisel binary on: The target host The attacker's host. Chisel also supports authenticated proxies to prevent unwanted connections. Chisel Advantages Chisel is a portable bi...

networking
proxying
port-forwarding
chisel
pivoting

Penetrating Networks via SSH JumpHosts

Network Pivoting


ssh
pivoting
networking

Enumerating NFS

Nmap

General Information portmapper and rpcbind run on TCP 111 rpcbind maps RPC services to their listening ports RPC processes notify rpcbind of the following when they start: Ports they're listening on RPC program numbers they expect to serve A clie...

Installing FleetDM Management Server

Fleet DM FleetDM On Debian 11

Create Debian 11 Host apt update && apt upgrade -y && apt install -y sudo gnupg net-tools dnsutils binutils git curl Install MySQL Server Download .deb package from here Run sudo dpkg -i ./package.deb Select MySQL 8 Select OK Run sudo apt update...

Adding FleetDM Hosts via Ansible

Fleet DM FleetDM On Debian 11

Other Install Options Of course, the main focus of this page is to demonstrate the convenience of Ansible with respect to pushing and installing software to a batch of hosts. You don't have to use Ansible to install Fleet DM Osquery agents on your endpoints! ...

Adding Default Queries Library

Fleet DM FleetDM On Debian 11

Set API Context SSH into FleetDM management server Set the API address: fleetctl config set --address https://fleetdm.home.lab:8080 My TLS certificate is self-signed, so I will skip verification: fleetctl config set --tls-skip-verify true Login to the AP...

Penetrating Networks via Chisel Proxies

Network Pivoting


chisel
pivoting
networking

LdapSearch

Active Directory Post Exploitation: Enumeration

When to Use You'll know when you've found a domain controller, because it will have several ports open that clearly distinguish it: PORT STATE SERVICE 53/tcp open domain 88/tcp open kerberos-sec 135/tcp open msrpc 139/tcp open netbios-ssn ...