-
I'm trying to implement my own authentication mechanism, and I can't figure out whether to use the methods in `gssapi.Mechanism` or `gssapi.MechanismEx` and how to implement the wrapping and signing m…
-
Keypoints:
- kerbrute --> find user list such as discovery, info, etc
- SMB share folder/file --> find the password for 'discovery'
- impacket-mssqlclient (for MSSQL) with discovery cred --> found 'h…
-
Keypoints:
- /site: 301 in FFUF/feroxbuster result but actually we can access it
- allow_url_fopen, allow_url_include, LFI, RFI
- [PE]replace exe under backup dir.
-
Keypoints:
- [Argus Surveillance DVR 4.0.0.0 - Directory Traversal](https://www.exploit-db.com/exploits/45296)
- Get `C:\Users\\.ssh\id_rsa` file
- [PE] hash info is in C:\ProgramData\PY_Software\…
-
Keypoints:
- [ntlm_theft](https://github.com/Greenwolf/ntlm_theft/tree/master):
A tool for generating multiple types of NTLMv2 hash theft files.
- [PE]SeRestorePrivilege
-
Keypoints:
- Try POST method for endpoint --> get credential info
- pdf password crack
```
pdf2john Infrastructure.pdf > pdf.hash
john --wordlist=/usr/share/wordlists/rockyou.txt --rules=best64 p…
```
-
Keypoints:
- /phpinfo --> got user name info "Shenzi"
- One useful tip for lab machines is to try out any useful keywords you’ve identified so far **to identify directories, usernames or passwords**…
-
Keypoints: ldap
- `ldapsearch -H ldap://192.168.241.122 -x -s base namingcontexts`
- `ldapsearch -x -H ldap://192.168.241.122 -D '' -w '' -b "DC=hutch,DC=offsec"` --> find info about password set…