Knowledge Base for Penetration Testing
Introduction This post considers that you already have some understanding of C#. The NSA has released guidance encouraging organizations to shift programming languages from the likes of C and C++ to memory-safe alternatives – such as C#, Go, Java, Ruby, Rust, and Swift. C and C++ are commonly used languages that provide freedom and flexibility […]
Chisel is a fast TCP/UDP tunnel, transported over HTTP, and secured via SSH. It uses a single executable for establishing connections as the client or server. Chisel is written in Go (golang). It is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into any network. Proxychains […]
General Principals with most Outbound Controlled objects Users Groups Computers GPOs OUs Other CREATE Nodes and Edges Example output: Other sources of great Cypher Queries
Tools PowerUp Get services with unquoted paths and a space in their name Get services where the currentuser can write to its binary path or change argument to the binary Get the services whose configuration current user can modify Open a reverse shell listening using powercat
WMI 101 WMI = Windows Management Instrumentation –> Microsoft implementationn of CIM (Common Information Model) and WBEM (Web Based Enterprise Management).–> Provides a uniform interface for applications/scripts to manage a local or remote computer or network. WMIC = Command-Line interface for WMI WMI Components https://0xinfection.github.io/posts/wmi-classes-methods-part-2/ WMI utilities Linux Manaed Object Format (MOF) files Use to […]
PowerShell basics PowerShell scripts can used multiple things such as: PowerShell Download and execute in memory of PowerShell: PowerShell and Active Directory Domain Enumeration Using .NET Classes Enumeration can be done by using Native Executables and .NET classes: Using the DirectoryServices.ActiveDirectory.Domain class and then static method GetCurrentDomain() Get the name of the current forest Using […]
Commonalities Among Windows-Based Vulnerabilities All common operating systems, regardless of vendor or platform, have vulnerabilities. Although APTs and nation-state actors might keep vulnerabilities they discover to themselves, most vulnerabilities are well-documented with exploits that are available to the public. On any particular platform, many vulnerabilities have common traits. Vulnerabilities for Windows-based operating systems have the […]
by 