Half-Pwned
101 common Applications