Shuciran Pentesting Notes

Uploading files using TFTP (older Windows Systems)

During a penetration test, we can use TFTP to transfer files from older Windows operating systems up to Windows XP and 2003. This is a terrific tool for non-interactive file transfer, but it is not...

Downloads with exe2hex and Powershell

This technique is useful to compress the binary we want to transfer, convert it to a hex string, and embed it into a Windows script. On the Windows machine, we will paste this script into our shel...

Deserialization Attack

ysoserial.NET
This tool only works on Windows. After downloading it, we need to identify the format of the binary or program running the code (-g) and the format (-f) that has the deseri...

Cross-Compiling Exploit Code

mingw-w64
In order to avoid compilation issues, it is generally recommended to use native compilers for the specific operating system targeted by the code; however, this may not always be an option...

Buffer Overflow (Linux)

First we need to disable ASLR on Kali for testing:
echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
Setting up the EDB debugger
First thing, it runs with the following command: root@debian:~...

Buffer Overflow (Windows)

Setting up the Immunity Debugger
First open it as administrator, then attach the process from the “File” menu, select the service, and don’t forget to click “Play”:
Install mona.py
Download ...

Networking (Linux)

PSPY
Pspy github download
Monitoring running services: ./pspy64
Examples: Epsilon
IP Address: ifconfig -a / ip address show / ip a s
DNS: cat /etc/resolv.conf
Network connections: netstat -tulnpa, ss ...

RDP (tcp-3389)

NMAP Multiple Vulns
nmap --script "rdp-enum-encryption or rdp-vuln-ms12-020 or rdp-ntlm-info" -p 3389 10.11.1.7
Brute Force Hydra
hydra -l pedro -P /usr/share/wordlists/rockyou.txt 10.11.1.7 rdp ...

SNMP (udp-161)

SNMPWALK
Enumerate the entire public community using SNMPv2, with -t 10 to increase the timeout period to 10 seconds:
snmpwalk -v 2c -c Public -t 10 10.10.11.107
snmpcheck 10.10.202.78 -c Public
Exampl...

PHPMyAdmin Brute Force via Burpsuite Intruder

Burp Suite Intruder
Since the default credentials didn’t seem to work and blank passwords aren’t allowed, let’s try to automate some basic username and password combinations with Burp Suite’s Intr...