- Linux Privilege Escalation
  I have written a cheat sheet for Windows privilege escalation recently and am updating it continually. Privilege escalation is a very important skill in real-world pentesting and even for the OSCP. So whatever I learned during my OSCP journey, I took notes. I have organized my notes as a cheat sheet and decided to share it publicly, in case it is useful for someone. These techniques were collected from various sources on the Internet and videos, and tested in HTB, CyberSecLabs, and home labs.
  Read more →

- Windows Privilege Escalation
  In the OSCP exam, only gaining access is not enough. Most of the machines may require escalating to a higher privilege. To learn more about Windows privilege escalation I have taken a course from Udemy, watched IPSec YouTube videos, and read tutorials from various sources. Whatever I learned, I took notes. I have organized my notes as a cheat sheet and now it is public. Note: a cheat sheet is not understandable without basic knowledge!
  Read more →

- Penetration Testing CheatSheet
  While I was studying for the OSCP from various sources, I took notes and made a quick cheat sheet so that I don't need to search for the same thing again and again. I am sharing this cheat sheet as I think it might be useful for someone. Enumeration: Enumeration is the most important part. All findings should be noted for future reference. Without enumeration, we will have a hard time exploiting the target. Basic Enumeration: Whenever I start pentesting an IP address, my favorite starting tool is nmap.
  Read more →

- Bash Script Cheat Sheet
  Hello REDTM: #!/usr/bin/bash #This is Comment echo "Hello REDTM" printf "Hello REDTM". Save as hello.sh, give it execute permission with chmod +x hello.sh and run ./hello.sh. Parameters: #!/usr/bin/bash #This is Comment echo -e "Hello $1" printf "Hey, how is it goin $1?" echo "". $1 is the first parameter, the second parameter is $2 and so on. Variables: Variables are used to store data for future use by referencing the variable name!
  Read more →

- Custom Malware in C++
  This is not a tutorial guide or course. I wrote this as my notes, but you can also utilize my idea if you have a basic understanding of C++ and the Windows API. Understanding 5 Win APIs: What is the idea to execute our shellcode? Allocate memory space as RW to store our shellcode, copy our shellcode to that memory, make the memory executable, run the payload, and wait for it to exit. VirtualAlloc: This function allocates memory space.
  Read more →

- Hashcat Cheat Sheet
  As penetration testers we can't ignore hash cracking, even if we can do pass-the-hash. Hash cracking could be one of the last resorts if nothing else works. Hashcat is the most popular and fastest program to crack password hashes. I have included the most common techniques that can be used in hashcat to crack password hashes. Installation: apt install cmake build-essential -y; apt install checkinstall git -y; git clone https://github.com/hashcat/hashcat.git; make && make install. Performance on nVidia 3080 Ti: Performance check for all supported hashes:
  Read more →

- Microsoft Word Macro Payload
  Delivering a reverse shell payload via an Office macro is old but still works if you can bypass AV. Get your code ready: Start Microsoft Office 2016 Pro Plus, go to the View tab and click Macros > View Macros. Give a macro name, select Macros in Document1 and click Create. Paste the below code and save as Word Macro-Enabled Document or Word 97-2003 Document. Sub TestMacro() ' ' TestMacro Macro ' ' cmd = "calc.
  Read more →

- MSDT-Follina Exploit for Initial Access
  A new remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) which can be exploited using Microsoft Office Word (2013-2021). Developing the exploit: Step 1: Create a docx file in your Microsoft Office Word. Step 2: Edit using 7z zip. Step 3: Go to word\_rels\document.xml.rels, right click > edit. The content should be exactly like: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/webSettings" Target="webSettings.xml"/><Relationship Id="rId7" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/theme" Target="theme/theme1.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/settings" Target="settings.xml"/><Relationship Id="rId1" Type="http://schemas.
  Read more →

- Penetration Testing Learning Path
  It is a long journey. We need to prepare ourselves to adjust to learning new methods and techniques. If someone is a beginner, they can follow this path to start learning penetration testing. This is just a short syllabus. There are more advanced topics, but it is a good start for a newbie! Many guys asked me if there is any learning path to follow that I can tell them. So to help them, I published it here; it was already published on my GitHub, and also in some YouTube videos!
  Read more →

- Pentesting Web Auth
  Username Enumeration: Usernames can be enumerated in various ways. For example: test with valid/invalid usernames and observe the error message, and also compare the content length of both responses. Analyze the URL for different behaviors, such as a valid user getting https://redtm.com/valid?err=1 and a wrong user getting https://redtm.com/valid?err=0. Observe HTTP error codes, such as a valid user URL https://ip/admin giving error 403 whereas https://ip/wrongUser gives 404. Analyze the page title. The page title could be different for a wrong/right username.
  Read more →

- Server-Side input validation testing
  The common techniques to find input validation vulnerabilities: fuzz all parameters for OS command injection; encode the payload in different ways to bypass filters! SQL Injection: SQL injection is one of the most popular web hacking techniques. If the web app is vulnerable to SQL injection, attackers can read and write data in the database, and in some cases execute system commands. Union-based SQLi - we can retrieve data from different database tables.
  Read more →