# Network stuff

Port Scan

# Protocols

DNS
FTP
GIT
HTTP
MAIL
Printer
RDP
SMB
SSH
- Range Scan
- Brute Force

# Windows Ecosystem

Without Creds
With Creds
LPE/HOST
AD ACL
AD Group
AD Trust
AD Delegation
Payload/Loot/Persistence
LOLBAS

# Linux

Enum
Payload/Loot/Persistence
SUID
SUDO
Vulns

# Apps & SVC

Adminer
Apache Cassandra
Apache OFBiz
Apache Tomcat
AWS Products
Docker
Drupal
Gitlab
Jenkins
JumpServer
PHP Laravel
LXC/LXD
MySQL
Openfire
Splunk
Torch
Visual Studio
Wordpress

# WEB Generic

HTTP Parameter Pollution
HTML TO PDF
IIS
Json Web Token
LFI/RFI
SQLi/DB
Jinja SSTI
XSS (Cross-Site Scripting)

# Misc

Hash Cracking
SMB MS17-010
Forensic
JavaScript
Wordlist
AD ZeroLogon

# ROGUE SERVER

FTP
Git
HTTP
SMB

# C2 / TRANSMISSION

File Tansfer
Shells
Metasploit

# PIVOTING

Chisel
SSH Socks Proxy

# RESSOURCES

Pentest ENV

# Passive Recon

Certificates

SSH
View page source

SSH

Range Scan

Try credentials on IP range

netexec ssh 192.168.0.0/24 -u='User' -p='Password'

Brute Force

hydra -l user -P rockyou.txt -s 22 ssh://1.2.3.4

Previous Next

© Copyright ERROR - DOCUMENT IS NOT LOADED PROPERLY.

Built with Sphinx using a theme provided by Read the Docs.