Posted in: CrackMapExec, Penetration Testing Tools

Detecting Zerologon with CrackMapExec (CVE-2020-1472)

Today I am writing about CVE-2020-1472 (ZeroLogon) and how it can be detected with CrackMapExec and then exploited using a script. If you want to learn more about this amazing tool, check the documentation about CrackMapExec 5.4.0. What is Zerologon? How to detect Zerologon vulnerability? How to exploit Zerologon vulnerability? How to get a shell with […]

Posted in: Active Directory

Active Directory Penetration Testing: Methodology

Today I am writing about Active Directory penetration testing methodology; this is part of my study for eCPPTv2 by eLearnSecurity. Active Directory is a service to manage corporate domains Active Directory Port Numbers Port Protocol Description 53/TCP DNS Server 88/TCP kerberos-sec 135/tcp MSRPC 139/tcp NetBIOS SSN 389/tcp LDAP 445/tcp Samba 636/tcp LDAP SSL 3389/tcp Tools […]

Posted in: Active Directory

Enumerating Active Directory: Domains

In this tutorial, we will learn the steps to start our journey on Active Directory enumeration. The first step is to enumerate information about the Domain. Then we will extract information about the Users, Computers, Domain Administrators, Enterprise Administrators, and network shares. Understand how to start enumerating a Domain Controller and escalate your privileges inside the network. […]

Posted in: Pivoting Techniques

Chisel Reverse Proxy: Pivoting Networks

Welcome, today I will talk about Pivoting with Chisel Reverse Proxy. In this tutorial we will get a reverse shell from each machine on the pentester machine. I assume you have already gained access to all machines and you want to keep access to all networks. In case you need to install our tool visit chisel […]

Posted in: Network Security

NetBios Penetration Testing Fundamentals

What is NetBios? Name service for name registration and resolution (ports: 137/udp and 137/tcp). Datagram distribution service for connectionless communication (port: 138/udp). Session service for connection-oriented communication (port: 139/tcp). Enumerate What? Enumerating SIDs Enumerating User Accounts Administrator ID Without Authentication With Authentication Microsoft Tools Dsget PsList psloggedon PsLogList PsPasswd PsShutdown NetBIOS Enumerator NetBios Exploits NetBIOS […]

Posted in: Enumeration

Methodology Scanning Linux Hosts: Theory

Methodology To Attack a Linux Machine. OK, after scanning the network we detect some Linux machines, and now? What do we need to investigate in order to get root on the remote machine? First scan all 65535 TCP ports available, but don’t scan them all at once. Start by scanning the most common ones then go […]

Posted in: Network Security

Network Scanning Methodology: Theory

Network Scanning Methodology on a penetration testing assessment: understand how to start enumerating a network manually and using nmap. I will not talk about Windows or Linux, just networking stuff. Usually in certification labs or when executing a penetration test on a client we have defined in our scope a subnet with a specified range […]
