Posted in: CrackMapExec, Penetration Testing Tools

CrackMapExec SMB: Hacking Samba service

Mapping/Enumeration Credential Gathering Dumping SAM database Dumping LSA Database Dumping NTDS – DRSUAPI Dumping NTDS – VSS Spidering Hacking Authentication brute force passwords Pass the Hash Password Spraying Managing Files Remote Command Execution Powershell Obfuscation Reverse Shells CrackMapExec Samba Modules

Posted in: CrackMapExec, Penetration Testing Tools

Detecting Zerologon with CrackMapExec (CVE-2020-1472)

Today I am writing about CVE-2020-1472 (ZeroLogon) and how can be detected with CrackMapExec and then exploit it using a script. If you want to learn more about this amazing tool check documentation about CrackMapExec 5.4.0. What is Zerologon? How to detect Zerologon vulnerability? How to exploit Zerologon vulnerability? How to get a shell with […]

Posted in: Penetration Testing Tools, Active Directory

How to Install Bloodhound on Linux

How to Install Bloodhound on Linux and correct Java problems. Install JAVA and Dependencies Install Neo4J Neo4J Configuration File Reset Neo4J Password Linux Installation BloodHound Configure Bloodhound Only collect from the DC, doesn’t query the computers (more stealthy) Data Collection Windows – SharpHound Windows – Powershell Windows – RustHound Cloud Azure

Posted in: Penetration Testing Tools

SMBMap: Full Guide Enumerating SMB

How to Install SMBMap SMBMap Features Pass-the-Hash Support File upload/download/delete Permission enumeration (writable share, meet Metasploit) Remote Command Execution Distributed file content searching (beta!) File name matching (with an auto download capability) SMB Help Enumerate Remote Samba Service No Authentication With Authentication Null Session SMBMap Managing Files Download Upload Remote Command Execution Search Files on […]

Posted in: Penetration Testing Tools

Gobuster Tutorial for Ethical Hackers

In this tutorial, we will understand how Gobuster works and use it for Web enumeration. How to Install Gobuster Gobuster Parameters Gobuster can use different attack modes against a webserver a DNS server and S3 buckets from Amazon AWS. Attack Modes Gobuster Optimization parameters Gobuster Virtual Hosts enumeration Gobuster directory enumeration Gobuster can be used […]

Posted in: Penetration Testing Tools

SQLMAP Tutorial: A Comprehensive Guide

SQLMAP is a powerful open-source tool that automates the process of detecting and exploiting SQL injection vulnerabilities in web applications. In this article, we will cover everything you need to know to use SQLMAP, including the basics of SQL injection, how SQLMAP works, and how to use it to exploit vulnerabilities in web applications. SqlMap […]

Posted in: Penetration Testing Tools

THC Hydra Tutorial: How to Brute Force Services

THC Hydra tutorial explaining how to brute force passwords using thc hydra password cracker, understand Define a List of users Attack Multiple Servers Hydra Modules Brute Force SSH with Hydra Brute Force Telnet with Hydra Brute Force FTP with Hydra Brute Force Team Speak with Hydra Brute Force SMB with Hydra Brute Force CISCO Auth […]

Back to Top