diff --git a/.gitbook/assets/image (2) (6) (1).png b/.gitbook/assets/image (2) (6) (1).png new file mode 100644 index 000000000..866daa163 Binary files /dev/null and b/.gitbook/assets/image (2) (6) (1).png differ diff --git a/.gitbook/assets/image (2) (6).png b/.gitbook/assets/image (2) (6).png index 866daa163..aa2d624c1 100644 Binary files a/.gitbook/assets/image (2) (6).png and b/.gitbook/assets/image (2) (6).png differ diff --git a/.gitbook/assets/image (2).png b/.gitbook/assets/image (2).png index aa2d624c1..8f45b7fa4 100644 Binary files a/.gitbook/assets/image (2).png and b/.gitbook/assets/image (2).png differ diff --git a/.gitbook/assets/image.png b/.gitbook/assets/image.png index 8f45b7fa4..e0eebcc35 100644 Binary files a/.gitbook/assets/image.png and b/.gitbook/assets/image.png differ diff --git a/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md b/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md index c3f6237fd..2bf75f6c8 100644 --- a/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md +++ b/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md @@ -105,7 +105,7 @@ Thus, after establishing the neighborhood, we know about the existence of these **I have found that generating and quickly sending out mass EIGRP hello packets overloads the router’s CPU, which in turn can open the door to a DoS attack.** I have developed a little [**helloflooding.py**](https://github.com/in9uz/EIGRPWN/blob/main/helloflooding.py) **** script, but it seems to me that the script lacks the speed of sending out the packets. **It’s caused by GIL**, which prevents the **sprayhello** function from running in multiple threads per second. **Eventually I’ll rewrite the script in C.** -
+
Arguments of the script: diff --git a/network-services-pentesting/pentesting-web/wordpress.md b/network-services-pentesting/pentesting-web/wordpress.md index ccbf10d67..14de3f76c 100644 --- a/network-services-pentesting/pentesting-web/wordpress.md +++ b/network-services-pentesting/pentesting-web/wordpress.md @@ -210,7 +210,7 @@ Using the correct credentials you can upload a file. In the response the path wi Also there is a **faster way** to brute-force credentials using **`system.multicall`** as you can try several credentials on the same request: -![](https://firebasestorage.googleapis.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-L\_2uGJGU7AVNRcqRvEi%2Fuploads%2FFX0g2BLsdfdQnq1xXx3N%2Ffile.jpeg?alt=media) +
**Bypass 2FA** diff --git a/windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md b/windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md index 9e7f19117..c331f9551 100644 --- a/windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md +++ b/windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md @@ -116,7 +116,7 @@ winrs -r:http://bizintel:5446 -u:ta\redsuit -p:2600leet hostname Like `Invoke-Command`, this can be easily scripted so the attacker can simply issue system commands as an argument. A generic batch script example _winrm.bat_: -
+
### OpenSSH @@ -136,7 +136,7 @@ Download the latest [OpenSSH Release zip from github](https://github.com/PowerSh Uncompress the zip to where you’d like. Then, run the install script - `Install-sshd.ps1` -
+
Lastly, just add a firewall rule to **open port 22**. Verify the SSH services are installed, and start them. Both of these services will need to be running for SSH to work.
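Review bot: in the `.gitbook/assets` entries at the top of the patch, every existing file takes over the blob of its neighbour: `image.png` goes from 8f45b7fa4 to e0eebcc35, `image (2).png` from aa2d624c1 to 8f45b7fa4, `image (2) (6).png` from 866daa163 to aa2d624c1, and the new `image (2) (6) (1).png` carries 866daa163. Any page that references one of these assets by name now renders a different picture unless its reference is updated in the same commit. Give new screenshots unique, descriptive file names instead of shifting the numbered ones, and confirm that each markdown reference touched here still points at the intended image.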
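Review bot: in the wordpress.md hunk (`@@ -210,7 +210,7 @@`), the removed line is the externally hosted `firebasestorage.googleapis.com` image, and the added line shows no content in this view. The sentence before it still ends with "on the same request:", so it promises an illustration that must actually follow. Check that the replacement references an asset stored in the repository and give it alt text (the old reference was `![]` with none). Since the point is the shape of a `system.multicall` request, showing that request as text instead of a screenshot would keep it searchable and reviewable in future diffs.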
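Review bot: in the kerberos-double-hop-problem.md hunk at `@@ -116,7 +116,7 @@`, the only changed line is the one following "A generic batch script example _winrm.bat_:", and neither its old nor its new content is visible as text. That means the script the sentence introduces cannot be reviewed from this diff. If the line is an image reference, consider including the batch script as a text block so that readers can copy it and later changes show up line by line. The same applies to the changed line after "run the install script - `Install-sshd.ps1`" in the next hunk.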