Post category - Red Team
Summary: Recon. NMAP SCAN: nmap -sT -p- --min-rate 1000 -oA nmap/ports 10.10.10.105 22/tcp open ssh 80/tcp open http nmap -sT -pxx,xx -sV -oA nmap/version 10.10.1
Read more
Summary: This is the write-up for the medium machine 'OnlyForYou'. Topics covered in this article are: LFI, command injection, Neo4j Cypher injection, malicious p
Read more
Summary: This text introduces a new domain lateral movement technique: PTC (certificate transport attack). Introducing a new kind of DC certification utiliz thin
Read more
Summary: Ansible_vault hash decrypt: Copy those ansible_vault hashes to three files named pwm_admin_login_vault, pwm_admin_password_vault, ldap_admin_password_vault
Read more
Summary: Initial Gobuster run to discover the web contents. When we brute-force a directory path, if one dictionary doesn't give us any useful information, we can c
Read more
Summary: ThemeBleed exploit: Windows runs Theme.exe, which occupies port 445. We need to open the services interface and stop the service. 1. Generate the The
Read more
Summary: Connect between Windows and Linux. BloodHound collection: Grab the latest copy of SharpHound.exe from the BloodHound repo, upload it to Outdated, working
Read more
Summary: PyWhisker: If we use pyWhisker, we need to have credentials. With creds, I can try to remotely run PyWhisker. It fails: python3 /opt/pywhisker/pywhisker.py
Read more
Summary: Briefly: Microsoft confirmed a new local privilege escalation vulnerability. This vulnerability allows a low-privileged user to access Windows system files. The user which
Read more
Summary: WSUS Introduction: WSUS is a Microsoft solution for administrators to deploy Microsoft product updates and patches across an environment in a scalable
Read more
Summary: RECON. TLS certificate: openssl s_client -showcerts -connect 10.10.11.202:3269 | openssl x509 -noout -text - "openssl s_client" initiates an SSL/TLS conn
Read more
Summary: ESC1 exploitation conditions: ESC1 needs to meet the following requirements to be used successfully: 1. Have permission to acquire a certificate 2. The value of pk
Read more
Summary: BRIEF: ADCS (Active Directory Certificate Services). There are a lot of enterprise CAs set up to issue certificates using certificate template definitions, whi
Read more
Summary: Information gathering: Pay attention to the last line, ssl-date: we have a 7-hour clock skew, which we should keep in mind if doing any Kerberos auth. SMB - TCP 445: smbclient -N -
Read more
Summary: Brief introduction: This time, the target machine involves some URL encoding, a PHP code audit that found deserialization, script writing according to the conten
Read more
Summary: Flask exploit: /proc/self/cmdline reveals which process is currently running to provide the web service. curl http://10.10.11.201:8000/?page=../../
Read more
Summary: This article will talk about the technical points and not about the whole process. This target machine has several technical points. One is when the
Read more
Summary: BRIEFLY: This box is quite hard for beginners. The walkthrough is as follows: 1. nmap scan for open port details and discover this box has ports 22 and 80 open bu
Read more
Summary: Brief introduction: 1. The first breakthrough is the weak password of admin at the http://10.10.11.243/ website. If we could utilize admin/admin successfully acc
Read more
Summary: Walkthrough: 1. We must browse the website and look up the business point for the webpage. On this box we can find the code repository. Code auditing and
Read more