Mapping/Enumeration Credential Gathering Dumping SAM database Dumping LSA Database Dumping NTDS – DRSUAPI Dumping NTDS – VSS Spidering Hacking Authentication brute force passwords Pass the Hash Password Spraying Managing Files Remote Command Execution Powershell Obfuscation Reverse Shells CrackMapExec Samba Modules
Category: Penetration Testing Tools
Penetration Testers Tools for security professionals.
Detecting Zerologon with CrackMapExec (CVE-2020-1472)
Today I am writing about CVE-2020-1472 (ZeroLogon) and how can be detected with CrackMapExec and then exploit it using a script. If you want to learn more about this amazing tool check documentation about CrackMapExec 5.4.0. What is Zerologon? How to detect Zerologon vulnerability? How to exploit Zerologon vulnerability? How to get a shell with […]
Read More “Detecting Zerologon with CrackMapExec (CVE-2020-1472)”
How to Install Bloodhound on Linux
How to Install Bloodhound on Linux and correct Java problems. Install JAVA and Dependencies Install Neo4J Neo4J Configuration File Reset Neo4J Password Linux Installation BloodHound Configure Bloodhound Only collect from the DC, doesn’t query the computers (more stealthy) Data Collection Windows – SharpHound Windows – Powershell Windows – RustHound Cloud Azure
Evil-WinRM: Full Exploitation Guide
Features Compatible with Linux and Windows client systems Load in memory Powershell scripts Load in memory dll files bypassing
CrackMapExec Tutorial: Pentesting networks
CrackMapExec (also known as CME) is a post-exploitation program that assists in automating the security assessment of large Active Directory infrastructures.
SMBMap: Full Guide Enumerating SMB
How to Install SMBMap SMBMap Features Pass-the-Hash Support File upload/download/delete Permission enumeration (writable share, meet Metasploit) Remote Command Execution Distributed file content searching (beta!) File name matching (with an auto download capability) SMB Help Enumerate Remote Samba Service No Authentication With Authentication Null Session SMBMap Managing Files Download Upload Remote Command Execution Search Files on […]
Gobuster Tutorial for Ethical Hackers
In this tutorial, we will understand how Gobuster works and use it for Web enumeration. How to Install Gobuster Gobuster Parameters Gobuster can use different attack modes against a webserver a DNS server and S3 buckets from Amazon AWS. Attack Modes Gobuster Optimization parameters Gobuster Virtual Hosts enumeration Gobuster directory enumeration Gobuster can be used […]
SQLMAP Tutorial: A Comprehensive Guide
SQLMAP is a powerful open-source tool that automates the process of detecting and exploiting SQL injection vulnerabilities in web applications. In this article, we will cover everything you need to know to use SQLMAP, including the basics of SQL injection, how SQLMAP works, and how to use it to exploit vulnerabilities in web applications. SqlMap […]
THC Hydra Tutorial: How to Brute Force Services
THC Hydra tutorial explaining how to brute force passwords using thc hydra password cracker, understand Define a List of users Attack Multiple Servers Hydra Modules Brute Force SSH with Hydra Brute Force Telnet with Hydra Brute Force FTP with Hydra Brute Force Team Speak with Hydra Brute Force SMB with Hydra Brute Force CISCO Auth […]