Best of Lateral Movement
Over Pass the Hash
https://www.hackingarticles.in/lateral-movement-over-pass-the-hash/
Pass the Hash Attack
https://www.hackingarticles.in/lateral-movement-pass-the-hash-attack/
CrackMapExec
https://www.hackingarticles.in/lateral-moment-on-active-directory-crackmapexec/
WMI
https://www.hackingarticles.in/lateral-movement-wmi/
Lateral Movement: Pass the Ticket Attack
https://www.hackingarticles.in/lateral-movement-pass-the-ticket-attack/
Lateral Movement: Pass the Cache
https://www.hackingarticles.in/lateral-movement-pass-the-ccache/
Over Pass the Hash
https://www.hackingarticles.in/lateral-movement-over-pass-the-hash/
Pass the Hash Attack
https://www.hackingarticles.in/lateral-movement-pass-the-hash-attack/
CrackMapExec
https://www.hackingarticles.in/lateral-moment-on-active-directory-crackmapexec/
WMI
https://www.hackingarticles.in/lateral-movement-wmi/
Lateral Movement: Pass the Ticket Attack
https://www.hackingarticles.in/lateral-movement-pass-the-ticket-attack/
Lateral Movement: Pass the Cache
https://www.hackingarticles.in/lateral-movement-pass-the-ccache/
❤2
Best of Windows Persistence
Windows Persistence: Accessibility Features
https://www.hackingarticles.in/persistence-accessibility-features/
Domain Persistence: Golden Ticket Attack
https://www.hackingarticles.in/domain-persistence-golden-ticket-attack/
Windows Persistence: Netsh
https://www.hackingarticles.in/windows-persistence-using-netsh/
Windows Persistence: Bits Job
https://www.hackingarticles.in/windows-persistence-using-bits-job/
Windows Persistence: WinLogon
https://www.hackingarticles.in/windows-persistence-using-winlogon/
Windows Persistence: RID Hijacking
https://www.hackingarticles.in/persistence-rid-hijacking/
Windows Persistence: Application Shimming
https://www.hackingarticles.in/windows-persistence-using-application-shimming/
Windows Persistence: PowerShell Empire
https://www.hackingarticles.in/windows-persistence-with-powershell-empire/
Windows Persistence: Accessibility Features
https://www.hackingarticles.in/persistence-accessibility-features/
Domain Persistence: Golden Ticket Attack
https://www.hackingarticles.in/domain-persistence-golden-ticket-attack/
Windows Persistence: Netsh
https://www.hackingarticles.in/windows-persistence-using-netsh/
Windows Persistence: Bits Job
https://www.hackingarticles.in/windows-persistence-using-bits-job/
Windows Persistence: WinLogon
https://www.hackingarticles.in/windows-persistence-using-winlogon/
Windows Persistence: RID Hijacking
https://www.hackingarticles.in/persistence-rid-hijacking/
Windows Persistence: Application Shimming
https://www.hackingarticles.in/windows-persistence-using-application-shimming/
Windows Persistence: PowerShell Empire
https://www.hackingarticles.in/windows-persistence-with-powershell-empire/
Comprehensive Guide on HTML Injection
🔥 Telegram: https://news.1rj.ru/str/hackinarticles
Today, in this article, we’ll learn how such misconfigured HTML codes, open the gates for the attackers to manipulate the designed webpages and grabs up the sensitive data from the users.
🌐 What is HTML?
📘 Introduction to HTML Injection
💥 Impact of HTML Injection
⚔️ HTML Injection vs XSS
🧬 Types of Injection
💾 Stored HTML
🔁 Reflected HTML
📥 Reflected GET
📤 Reflected POST
🔗 Reflected Current URL
🔥 Telegram: https://news.1rj.ru/str/hackinarticles
Today, in this article, we’ll learn how such misconfigured HTML codes, open the gates for the attackers to manipulate the designed webpages and grabs up the sensitive data from the users.
🌐 What is HTML?
📘 Introduction to HTML Injection
💥 Impact of HTML Injection
⚔️ HTML Injection vs XSS
🧬 Types of Injection
💾 Stored HTML
🔁 Reflected HTML
📥 Reflected GET
📤 Reflected POST
🔗 Reflected Current URL
A Detailed Guide on OS Command Injection
🔥 Telegram: https://news.1rj.ru/str/hackinarticles
In this article, we’ll learn about OS Command Injection, in which an attacker is able to trigger some arbitrary system shell commands on the hosted operating system via a vulnerable web-application.
📘 Introduction to Command Injection
❓ How Command Injection Occurs?
🔣 Metacharacters
📂 Types of Command Injection
💥 Impact of OS Command Injection
🧭 Steps to Exploit – OS Command Injection
🛠️ Manual Exploitation
📟 Basic OS Command Injection
🚫 Bypass a Blacklist Implemented
🤖 Exploitation through Automated Tools
🧪 Burp Suite
✍️ Manual
🌪️ Fuzzing
🧬 Commix
🎯 Metasploit
👁️ Blind OS Command Injection
🔍 Detection
💣 Exploitation
🔥 Telegram: https://news.1rj.ru/str/hackinarticles
In this article, we’ll learn about OS Command Injection, in which an attacker is able to trigger some arbitrary system shell commands on the hosted operating system via a vulnerable web-application.
📘 Introduction to Command Injection
❓ How Command Injection Occurs?
🔣 Metacharacters
📂 Types of Command Injection
💥 Impact of OS Command Injection
🧭 Steps to Exploit – OS Command Injection
🛠️ Manual Exploitation
📟 Basic OS Command Injection
🚫 Bypass a Blacklist Implemented
🤖 Exploitation through Automated Tools
🧪 Burp Suite
✍️ Manual
🌪️ Fuzzing
🧬 Commix
🎯 Metasploit
👁️ Blind OS Command Injection
🔍 Detection
💣 Exploitation
Wireless Penetration Testing: PMKID Attack
🔥 Telegram: https://news.1rj.ru/str/hackinarticles
This attack targets WPA and WPA2 protocols effectively. However, recent studies show that WPA3 offers far greater resistance and shows little to no success against PMKID attacks.
🔓 Open System Authentication
🔐 Shared Key Authentication
📶 WPA and WPA2 PSK
🤝 4-Way Handshake
🧠 PMK Caching and PMKID (in the RSN IE frame)
📖 Explanation of Attack
🎯 Capturing PMKID using hcxdumptool
⚙️ Converting pcapng to hashcat file and Cracking Using Hashcat
🎯 Capturing Only a Single PMKID using hcxdumptool
🔄 Converting pcapng to pcap and Cracking Using Aircrack-ng
🛠️ PMKID Capture and Attack Using Airgeddon
🌐 PMKID Capture Using Bettercap
🔥 Telegram: https://news.1rj.ru/str/hackinarticles
This attack targets WPA and WPA2 protocols effectively. However, recent studies show that WPA3 offers far greater resistance and shows little to no success against PMKID attacks.
🔓 Open System Authentication
🔐 Shared Key Authentication
📶 WPA and WPA2 PSK
🤝 4-Way Handshake
🧠 PMK Caching and PMKID (in the RSN IE frame)
📖 Explanation of Attack
🎯 Capturing PMKID using hcxdumptool
⚙️ Converting pcapng to hashcat file and Cracking Using Hashcat
🎯 Capturing Only a Single PMKID using hcxdumptool
🔄 Converting pcapng to pcap and Cracking Using Aircrack-ng
🛠️ PMKID Capture and Attack Using Airgeddon
🌐 PMKID Capture Using Bettercap
🔍 [Day 3] ADCS Exploitation: ESC3
ESC3 exploits misconfigured Enrollment Agent templates, allowing attackers to request certificates for other users.
📌 Key Points:
Risk: Templates with Enrollment Agent rights enable malicious certificate issuance.
Exploitation: Forge certificates for privileged accounts using Certificate Request Agent permissions.
Mitigation: Restrict Enrollment Agent roles and audit template permissions.
📖 Reference: ESC3 Technical Breakdown
ESC3 exploits misconfigured Enrollment Agent templates, allowing attackers to request certificates for other users.
📌 Key Points:
Risk: Templates with Enrollment Agent rights enable malicious certificate issuance.
Exploitation: Forge certificates for privileged accounts using Certificate Request Agent permissions.
Mitigation: Restrict Enrollment Agent roles and audit template permissions.
📖 Reference: ESC3 Technical Breakdown
FFUF
🔴⚫️Full HD Image: https://github.com/Ignitetechnologies/Mindmap/blob/main/ffuf/FFUF%20HD.png
🔴⚫️Full HD Image: https://github.com/Ignitetechnologies/Mindmap/blob/main/ffuf/FFUF%20HD.png