Best of Lateral Movement
Over Pass the Hash
https://www.hackingarticles.in/lateral-movement-over-pass-the-hash/
Pass the Hash Attack
https://www.hackingarticles.in/lateral-movement-pass-the-hash-attack/
CrackMapExec
https://www.hackingarticles.in/lateral-moment-on-active-directory-crackmapexec/
WMI
https://www.hackingarticles.in/lateral-movement-wmi/
Lateral Movement: Pass the Ticket Attack
https://www.hackingarticles.in/lateral-movement-pass-the-ticket-attack/
Lateral Movement: Pass the Cache
https://www.hackingarticles.in/lateral-movement-pass-the-ccache/
Best of Windows Persistence
Windows Persistence: Accessibility Features
https://www.hackingarticles.in/persistence-accessibility-features/
Domain Persistence: Golden Ticket Attack
https://www.hackingarticles.in/domain-persistence-golden-ticket-attack/
Windows Persistence: Netsh
https://www.hackingarticles.in/windows-persistence-using-netsh/
Windows Persistence: Bits Job
https://www.hackingarticles.in/windows-persistence-using-bits-job/
Windows Persistence: WinLogon
https://www.hackingarticles.in/windows-persistence-using-winlogon/
Windows Persistence: RID Hijacking
https://www.hackingarticles.in/persistence-rid-hijacking/
Windows Persistence: Application Shimming
https://www.hackingarticles.in/windows-persistence-using-application-shimming/
Windows Persistence: PowerShell Empire
https://www.hackingarticles.in/windows-persistence-with-powershell-empire/
Comprehensive Guide on HTML Injection
Telegram: https://t.me/hackinarticles
In this article, we'll learn how misconfigured HTML code opens the gates for attackers to manipulate the designed web pages and grab sensitive data from users.
What is HTML?
Introduction to HTML Injection
Impact of HTML Injection
HTML Injection vs XSS
Types of Injection
Stored HTML
Reflected HTML
Reflected GET
Reflected POST
Reflected Current URL
A Detailed Guide on OS Command Injection
Telegram: https://t.me/hackinarticles
In this article, we'll learn about OS Command Injection, in which an attacker is able to trigger arbitrary system shell commands on the host operating system via a vulnerable web application.
Introduction to Command Injection
How Command Injection Occurs?
Metacharacters
Types of Command Injection
Impact of OS Command Injection
Steps to Exploit - OS Command Injection
Manual Exploitation
Basic OS Command Injection
Bypass a Blacklist Implemented
Exploitation through Automated Tools
Burp Suite
Manual
Fuzzing
Commix
Metasploit
Blind OS Command Injection
Detection
Exploitation
Wireless Penetration Testing: PMKID Attack
Telegram: https://t.me/hackinarticles
This attack targets the WPA and WPA2 protocols effectively. However, recent studies show that WPA3 is far more resistant, and PMKID attacks have little to no success against it.
Open System Authentication
Shared Key Authentication
WPA and WPA2 PSK
4-Way Handshake
PMK Caching and PMKID (in the RSN IE frame)
Explanation of Attack
Capturing PMKID using hcxdumptool
Converting pcapng to hashcat file and Cracking Using Hashcat
Capturing Only a Single PMKID using hcxdumptool
Converting pcapng to pcap and Cracking Using Aircrack-ng
PMKID Capture and Attack Using Airgeddon
PMKID Capture Using Bettercap
[Day 3] ADCS Exploitation: ESC3
ESC3 exploits misconfigured Enrollment Agent templates, allowing attackers to request certificates for other users.
Key Points:
Risk: Templates with Enrollment Agent rights enable malicious certificate issuance.
Exploitation: Forge certificates for privileged accounts using Certificate Request Agent permissions.
Mitigation: Restrict Enrollment Agent roles and audit template permissions.
Reference: ESC3 Technical Breakdown
FFUF
Full HD Image: https://github.com/Ignitetechnologies/Mindmap/blob/main/ffuf/FFUF%20HD.png
SSRF
Full HD Image: https://github.com/Ignitetechnologies/Mindmap/blob/main/SSRF%20Tools/SSRF%20Tools%20HD.png