Explore >> Select a destination
|
You are here 
|
leeadams.dev | ||
| | | | |
andrewroderos.com
|
|
| | | | | In this blog post, you will learn how to escalate from a command shell to a Meterpreter shell using PowerShell Empire and Metasploit. | |
| | | | |
taeluralexis.com
|
|
| | | | | We'll target a network comprising 3 machines, leveraging CVE exploits, pivoting, code obfuscation techniques, and AV bypass strategies. | |
| | | | |
0xdf.gitlab.io
|
|
| | | | | I loved Sizzle. It was just a really tough box that reinforced Windows concepts that I hear about from pentesters in the real world. I'll start with some SMB access, use a .scf file to capture a users NetNTLM hash, and crack it to get creds. From there I can create a certificate for the user and then authenticate over WinRM. I'll Kerberoast to get a second user, who is able to run the DCSync attack, leading to an admin shell. I'll have two beyond root sections, the first to show two unintended paths, and the second to exploit NTLM authentication over HTTP, and how Burp breaks it. | |
| | | | |
wsummerhill.github.io
|
|
| | | Sliver has been a popular open-source C2 in recent years and has had continuous improvements since its release. It's cross-platform and easy to setup which were both appealing to me when I first started using it. I wanted to learn how to setup Sliver as a C2 server for red teams so I decided to document it for my own reference and anyone else interested. Here's what we'll cover: | ||
