Knowledge Base for Penetration Testing
Windows Patch Level Lists installed packages: Available Shares List open file shares: The default Windows shares are: C$, IPC$, ADMIN$ If these are present that is fine. If there are any more then investigate what they are and try to determine if they are sharing sensitive information. If you find it is sharing a CD-ROM […]
Windows stores user account passwords in SAM file. This file contains hashes of passwords. This SAM file cannot be opened directly by the user, so we have to dump it. Tools used : Mimikatz John The Ripper , Hashcat. Dumping SAM file: For this we need to copy sam and system files from their original […]
For this post, we will be deep-diving into the art of transferring files. We will go over various techniques on how to transfer files from our attacker machine onto a victim Windows 10 host (download), as well as from the victim Windows 10 host back onto our attacker machine (upload). As hackers, we constantly find […]
In this blog post we will look at how to perform AS-REP roasting in two different ways, how to use hashcat to crack a krbasrep5 hashes, and how to mitigate this type of attack. During kerberos pre-authentication, a user’s NTID is used to encrypt a timestamp and then the domain controller will attempt to decrypt […]
In this post we will take a look A LOT of tools and techniques that can be used to perform a pass-the-hash attack. First, we will dump the local SAM file hashes off our initial victim and extract the local administrator account’s hash. From there, we will use the local administrator hash to move laterally […]
In this Walkthrough, we will be hacking the machine Hutch from Proving Grounds Practice. To begin, we will utilize the ability to perform an anonymous LDAP search to dump account information where we will find a password. With valid credentials, we will run Bloodhound remotely to query the DC and find that our user has […]
If you are working in a medium to large company, you are probably interacting on a daily basis with LDAP. Whether this is on a Windows domain controller, or on a Linux OpenLDAP server, the LDAP protocol is very useful to centralize authentication. However, as your LDAP directory grows, you might get lost in all […]
Introduction: In this post we are going to have a look into the D/Invoke project by TheWover. He also wrote a really good blog post which you can read here where he demonstrates in detail how the whole project works. It covers some really cool aspects so its highly recommended to check it out. This […]
Introduction This post considers that you already have some understanding of C#. The NSA has released guidance encouraging organizations to shift programming languages from the likes of C and C++ to memory-safe alternatives – such as C#, Go, Java, Ruby, Rust, and Swift. C and C++ are commonly used languages that provide freedom and flexibility […]
Chisel is a fast TCP/UDP tunnel, transported over HTTP, and secured via SSH. It uses a single executable for establishing connections as the client or server. Chisel is written in Go (golang). It is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into any network. Proxychains […]
by 
