Commit graph

452 commits

Author SHA1 Message Date
Mane
c956226239
Add OID Group Link Abuse - ESC13
Reference:

https://posts.specterops.io/adcs-esc13-abuse-technique-fda4272fbd53

https://www.thehacker.recipes/a-d/movement/ad-cs/certificate-templates#issuance-policiy-with-privileged-group-linked-esc13
2024-04-09 03:57:01 +08:00
Mane
54632299d1
fix typo in domain-escalation.md 2024-04-09 03:16:44 +08:00
Mane
f6f017777c
Add Shell access to ADCS CA with YubiHSM - ESC12
Reference: 
https://pkiblog.knobloch.info/esc12-shell-access-to-adcs-ca-with-yubihsm

https://www.thehacker.recipes/a-d/movement/ad-cs/certificate-authority#shell-access-to-adcs-ca-with-yubihsm-esc12
2024-04-09 03:13:19 +08:00
Mane
3f2a13b8f1
Add Relaying NTLM to ICPR - ESC11
Reference: https://blog.compass-security.com/2022/11/relaying-to-ad-certificate-services-over-rpc/
2024-04-09 02:34:03 +08:00
Carlos Polop
35b3c7ccfe a 2024-04-08 00:51:34 +02:00
Carlos Polop
4b64ce2de1 w 2024-04-08 00:37:55 +02:00
CPol
c55d66804a
GITBOOK-4301: No subject 2024-04-06 16:25:58 +00:00
Yassine OUKESSOU
1891e8372b
small typo 2024-04-01 14:25:06 +02:00
Yassine OUKESSOU
2d71374c9f
Removing deleted option and adding some clarification to the text 2024-04-01 14:03:11 +02:00
CPol
31e7f071f5
GITBOOK-4288: change request with no subject merged in GitBook 2024-03-29 18:55:33 +00:00
HackTricks
2c57874949
Merge pull request #825 from manesec/master
Add more tools and small update mssql
2024-03-26 20:16:08 +01:00
Carlos Polop
61e2eb2350 a 2024-03-26 15:56:40 +01:00
Yassine OUKESSOU
72c787cebb
ASREProasting without domain credentials method in asreproast.md
Adding ASrepCatcher tool: ASREProasting without domain credentials method
2024-03-24 01:04:09 +01:00
Mane
983b8069c7
Update abusing-ad-mssql.md
+ Add `EXEC sp_linkedservers`

Ref: https://database.guide/2-ways-to-return-a-list-of-linked-servers-in-sql-server-using-t-sql/
2024-03-18 16:32:25 +08:00
CPol
5b120932f3
GITBOOK-4274: change request with no subject merged in GitBook 2024-03-17 14:42:04 +00:00
CPol
f3dc05632c
GITBOOK-4269: change request with no subject merged in GitBook 2024-03-15 21:27:36 +00:00
Carlos Polop
1fcb0ae066 a 2024-03-15 00:01:13 +01:00
Carlos Polop
944eaa12c9 up 2024-03-09 14:02:01 +01:00
CPol
8ff32d8f1d
GITBOOK-4266: change request with no subject merged in GitBook 2024-03-09 12:57:16 +00:00
cocomelonc
d3dda8a77d python for build injectors example: peekaboo 2024-02-27 14:00:10 +06:00
CPol
7ae219aa33
GITBOOK-4260: change request with no subject merged in GitBook 2024-02-26 10:39:43 +00:00
Carlos Polop
0ee2fda1c6
Merge pull request #800 from bruno-1337/patch-1
Add another option for SeDebugPrivilege Code Execution
2024-02-25 13:21:46 +01:00
CPol
eff83f8dcf
GITBOOK-4251: change request with no subject merged in GitBook 2024-02-18 14:18:26 +00:00
Bruno Badaró
a48e4a82a5
Adding another option for SeDebugPrivilege Code Execution 2024-02-16 21:17:30 -03:00
Mane
cd41e781cf
Update checklist-windows-privilege-escalation.md 2024-02-15 03:15:28 -08:00
Mane
0e796fec20
Update checklist-windows-privilege-escalation.md
Upload procdump64.exe to dump firefox's memory from ippsec

https://youtu.be/fmBb6BgLsC8?t=1740
2024-02-15 03:12:20 -08:00
Carlos Polop
7aaa08ff92 a 2024-02-09 01:38:08 +01:00
Carlos Polop
a2ca955cb9 a 2024-02-09 01:36:13 +01:00
Carlos Polop
10a3b640d6 a 2024-02-08 04:08:28 +01:00
Carlos Polop
79b80044a8 a 2024-02-08 04:06:37 +01:00
Carlos Polop
06a639f4af a 2024-02-07 05:05:50 +01:00
Carlos Polop
797ab87ac5 a 2024-02-05 03:29:11 +01:00
Carlos Polop
7cc077db55 a 2024-02-04 17:10:29 +01:00
Carlos Polop
213f0fc6f6 a 2024-02-03 17:02:14 +01:00
Carlos Polop
9715b0e8a9
Merge pull request #794 from manesec/master
Finding a file in Windows and Linux based on Creation Time
2024-02-02 19:14:41 +01:00
Carlos Polop
8f81059719
Merge pull request #792 from wowlolx/master
Fixed netsh command for spaces in SSIDs
2024-02-02 19:14:01 +01:00
Mane
d90f632846
Update README.md
Finding newer files with PowerShell
2024-02-01 01:42:07 -08:00
wowlolx
67cb9fdd22
Fixed netsh command for spaces in SSIDs 2024-01-31 00:15:10 +05:00
CravateRouge
7db7f86212 Add asreproast bloodyAD 2024-01-18 09:40:35 +00:00
Carlos Polop
f6fafa225b
Merge pull request #781 from manesec/master
Update privileged-groups-and-token-privileges.md, fix typo
2024-01-13 19:36:57 +01:00
Paul
a7f19cb28b fix certipy command use 2024-01-12 17:12:46 +01:00
Carlos Polop
c61eef67c4 arte 2024-01-12 08:53:44 +01:00
Mane
cb0f65d0ae
Update privileged-groups-and-token-privileges.md
- fix typo `dumo` --> `dump`
2024-01-11 23:24:52 -08:00
CPol
bdb5a4b010
GITBOOK-4230: change request with no subject merged in GitBook 2024-01-10 00:59:55 +00:00
Carlos Polop
68933e7c99 arte 2024-01-09 12:45:12 +01:00
Carlos Polop
9b9734dd4f arte 2024-01-05 12:06:33 +01:00
Carlos Polop
a1290f2671
Merge pull request #773 from Colinatorr/master
Fix typo in powerview.md
2024-01-04 10:02:08 +01:00
and7es
171d882f4d
Update bloodhound.md
Added new updated Bloodhound CE tool
Changed the old Bloodhound to Legacy
2024-01-02 23:27:06 +01:00
Carlos Polop
c2d34d11b4 arte 2024-01-02 19:28:27 +01:00
Carlos Polop
c0034b1784 arte 2024-01-02 19:28:04 +01:00
Colinatorr
dad6e78399
Fix typo in powerview.md 2023-12-31 12:11:56 +01:00
CPol
08536c564d
GITBOOK-4222: change request with no subject merged in GitBook 2023-12-27 23:58:16 +00:00
CPol
76315e4cc2
GITBOOK-4219: change request with no subject merged in GitBook 2023-12-26 20:51:20 +00:00
CPol
0d5acdada5
GITBOOK-4218: change request with no subject merged in GitBook 2023-12-26 17:26:15 +00:00
CPol
da42a67a80
GITBOOK-4216: change request with no subject merged in GitBook 2023-12-26 00:45:07 +00:00
Carlos Polop
2cf03a3f4b
Merge pull request #764 from evilmog/master
update NTLMv1 cracking methodology
2023-12-24 20:11:47 +01:00
Carlos Polop
03fb0ebb99
Merge pull request #758 from manesec/master
Update SNMP and Basic PowerShell for Pentesters
2023-12-24 19:53:33 +01:00
evilmog
dde7fbec2a update NTLMv1 cracking methodology 2023-12-19 15:59:00 -07:00
evilmog
3818e73d6f update NTLMv1 cracking methodology 2023-12-19 11:02:28 -07:00
CPol
20b5224810
GITBOOK-4192: change request with no subject merged in GitBook 2023-12-16 13:28:14 +00:00
Mane
9878e7b8ac
Update README.md
Add `AMSI Bypass - More Resources` 
Add `Powershell - Port scan`

## Reference - `AMSI Bypass - More Resources`

[S3cur3Th1sSh1t/Amsi-Bypass-Powershell](https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell)

[Amsi Bypass on Windows 11 In 2023](https://gustavshen.medium.com/bypass-amsi-on-windows-11-75d231b2cac6)  [Github](https://github.com/senzee1984/Amsi_Bypass_In_2023)

## Reference - `Powershell - Port scan`

https://techcommunity.microsoft.com/t5/itops-talk-blog/powershell-basics-how-to-scan-open-ports-within-a-network/ba-p/924149

https://medium.com/@nallamuthu/powershell-port-scan-bf27fc754585

https://www.sans.org/blog/pen-test-poster-white-board-powershell-built-in-port-scanner/
2023-12-12 01:57:52 -08:00
carlospolop
81005f76c9 hp 2023-12-04 16:57:41 +01:00
carlospolop
21ed9007c4 hackenproof 2023-12-04 16:45:05 +01:00
Taleb Qasem
58cabb472f
Update dpapi-extracting-passwords.md
minor typos
2023-11-27 18:26:17 +06:00
Carlos Polop
4f348a96e0
Merge pull request #738 from manesec/master
Update privileged-groups-and-token-privileges.md
2023-11-06 00:20:23 +01:00
CPol
6b1e75d284
GITBOOK-4151: change request with no subject merged in GitBook 2023-11-05 22:38:46 +00:00
Carlos Polop
8335321618
Merge pull request #736 from OmriBaso/master
Added WTSImpersonator to HackTricks - New Technique for lateral movement and credentials stealing.
2023-11-05 23:19:17 +01:00
Carlos Polop
390404cb36
Merge pull request #731 from ir0nstone/patch-1
Fix command flag in domain-escalation.md
2023-11-05 17:10:40 +01:00
CPol
a3ad24c9ea
GITBOOK-4148: change request with no subject merged in GitBook 2023-11-03 11:03:53 +00:00
CPol
233703a1b1
GITBOOK-4146: change request with no subject merged in GitBook 2023-11-02 16:52:21 +00:00
Mane
47971d2aff
Update privileged-groups-and-token-privileges.md
Add `Using wbadmin.exe to dumo NTDS.dit`
2023-11-02 03:03:31 -07:00
Omri Baso
f6d3e27ee4
Add files via upload 2023-10-29 22:14:25 +02:00
Andrej L
3ddbdaa4e9
Update domain-escalation.md
Flag for Certipy [has changed](https://github.com/ly4k/Certipy#esc1) from `-alt` to `-upn` for abusing ESC1.
2023-10-23 16:10:03 +01:00
CPol
63857c0541
GITBOOK-4126: change request with no subject merged in GitBook 2023-10-15 16:45:54 +00:00
CPol
6a5f71e401
GITBOOK-4121: change request with no subject merged in GitBook 2023-10-14 20:45:59 +00:00
Carlos Polop
6b6da2aa1d
Merge pull request #719 from nuts7/certutil-ntlmcoerce-newtech
Add NTLM auth coerce technique (certutil.exe)
2023-10-12 00:46:14 +02:00
nuts7
6a6ccd91d1 Add NTLM auth coerce technique (certutil.exe)
This commit adds a new NTLM authentication coercion technique with the certutil.exe lolbin (Microsoft-signed binary)
2023-10-11 17:47:02 +00:00
nuts7
c10d59667f Add Kerberoasting w/o domain account
This commit adds a Kerberoasting technique without a domain account/credentials, just a user without pre-authentication (AS-REP roastable)
2023-10-06 12:11:57 +00:00
CPol
aafdb7f10e
GITBOOK-4111: change request with no subject merged in GitBook 2023-10-05 14:47:43 +00:00
CPol
261348bb2c
GITBOOK-4100: change request with no subject merged in GitBook 2023-09-28 15:09:34 +00:00
CPol
afd72865a1
GITBOOK-4092: change request with no subject merged in GitBook 2023-09-24 09:51:34 +00:00
CPol
f2d97a41ce
GITBOOK-4078: change request with no subject merged in GitBook 2023-09-11 15:21:29 +00:00
carlospolop
93b6df668e trickest 2023-09-05 00:10:11 +02:00
carlospolop
987e1109d8 trickest 2023-09-03 17:41:02 +02:00
carlospolop
d308298b26 intruder 2023-09-03 01:51:32 +02:00
carlospolop
2463753c56 intruder 2023-09-03 01:48:41 +02:00
CPol
0de31f2383
GITBOOK-4061: change request with no subject merged in GitBook 2023-08-31 15:11:42 +00:00
CPol
749e1c091d
GITBOOK-4059: change request with no subject merged in GitBook 2023-08-30 09:07:26 +00:00
Carlos Polop
02139b4168
Merge pull request #694 from NaxnN/master-2
Update information about "Credential Guard"
2023-08-29 20:32:36 +02:00
Carlos Polop
24eed6e768
Merge pull request #692 from limon768/limon768-patch-1
Update README.md
2023-08-29 20:20:22 +02:00
KeoOp
d6b6d61fe7
Update information about "Credential Guard" 2023-08-24 16:00:17 +08:00
CPol
7b95b4b0e9
GITBOOK-4044: change request with no subject merged in GitBook 2023-08-22 09:57:13 +00:00
SquareZer0
84c85d450b
Update README.md
Fixed a typo
2023-08-20 22:04:03 -04:00
CPol
554b95eac8
GITBOOK-4035: change request with no subject merged in GitBook 2023-08-16 04:32:29 +00:00
Carlos Polop
d762d11ebc
Merge pull request #681 from clem9669/patch-11
Update shadow-credentials.md
2023-08-07 07:27:48 +02:00
CPol
d66ecb4cdd
GITBOOK-4021: change request with no subject merged in GitBook 2023-07-31 15:59:11 +00:00
CPol
84d05a4c74
GITBOOK-4018: change request with no subject merged in GitBook 2023-07-30 21:28:42 +00:00
CPol
0b9f09f1ce
GITBOOK-4016: change request with no subject merged in GitBook 2023-07-28 11:44:45 +00:00
clem9669
26d9aa42f8
Update shadow-credentials.md
Adding pywhisker.py from Shutdown
2023-07-27 15:39:17 +00:00
Carlos Polop
e93ed39f00
Merge pull request #666 from noraj/patch-1
kerberoast: add some linux tools
2023-07-18 15:03:29 +02:00