- https://www.hackingarticles.in/android-penetration-testing-apk-reverse-engineering/
- https://www.hackingarticles.in/android-penetration-testing-apk-reversing-part-2/
- https://www.hackingarticles.in/android-pentest-deep-link-exploitation/
- https://www.hackingarticles.in/android-penetration-testing-webview-attacks/
- https://www.hackingarticles.in/android-penetration-testing-frida/
- https://www.hackingarticles.in/android-pentest-lab-setup-adb-command-cheatsheet/
- https://www.hackingarticles.in/android-hooking-and-sslpinning-using-objection-framework/
- https://www.hackingarticles.in/android-penetration-testing-drozer/
C0C0red
its-a-feature
/ Domain Enumeration Commands
Created
January 7, 2018 21:03
Common Domain Enumeration commands in Windows, Mac, and LDAP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Domain: TEST.local | |
| User Enumeration: | |
| Windows: | |
| net user | |
| net user /domain | |
| net user [username] | |
| net user [username] /domain | |
| wmic useraccount | |
| Mac: | |
| dscl . ls /Users |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "queries": [{ | |
| "name": "List all owned users", | |
| "queryList": [{ | |
| "final": true, | |
| "query": "MATCH (m:User) WHERE m.owned=TRUE RETURN m" | |
| }] | |
| }, | |
| { | |
| "name": "List all owned computers", |
thevillagehacker
/ Android_pen-testing.md
Created
March 23, 2021 06:00
gladiatx0r
/ Workstation-Takeover.md
Last active
March 17, 2025 03:05
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS for configuring RBCD
- RBCD takeover
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.