This post contains a list of common tools, vulnerabilities, and methodology tactics, broken down by category, with links to references that showcase examples. This document will be updated often as I work through more and more resources.
Enumerating Common Services
Enumerating SMB 139,445
- Using smbmap and smbclient to crawl and browse shares. Example of this in HTB FriendZone – Link to Ippsec video.
Enumerating LDAP 389
- HackTheBox: LightWeight – Link to Ippsec Video
External Tools/Methodology
Using Hydra to Brute-Force Websites
- My general guide for this is found here.
- HackTheBox: Nineveh. Write up found here.
Using ASP/ASPX Webshells
- HackTheBox: Devel. Write up found here.
Enumerating Tomcat
- Common directory for login is http://address:8080/manager/html
Enumerating HTTP Proxies
- HackTheBox – Kotarak – Link to Ippsec video.
- How To Route Tools (Gobuster) Through a BurpSuite Proxy
Connecting to/Abusing IRC
- HackTheBox – Irked – Link to Ippsec video.
Performing Zone Transfers
- HackTheBox: FriendZone – Link to Ippsec Video
- Performing DNS Zone Transfer & Viewing the Results w/ Aquatone. Link to my tutorial
Local/Remote File Inclusion (LFI & RFI)
- Using PHP Wrappers within LFI to Obtain PHP Script Source Code — My post
- XML Entity Injection (XXE) Vuln for LFI. HackTheBox: DevOops. – Link to Ippsec Video
Privilege Escalation Techniques/Tools
Privilege Escalation: Using Sherlock
- HackTheBox: Devel. Write up found here.
Privilege Escalation: Using Windows-Exploit-Suggester
- HackTheBox: Arctic. Write up found here.
Pivoting & Utilizing Proxies
Routing Tools Through Proxies
- Routing GoBuster through BurpSuite. Guide found here.
Common Vulnerabilities
Exploiting MS17-010 (EternalBlue)
- HackTheBox: Blue
Exploiting MS14-066 (Heartbleed)
- HackTheBox: Valentine. Write up found here.
Exploiting CVE-2016-5195 (DirtyCow)
Common Active Directory Attacks
Abusing LLMNR/NBT-NS w/ Responder
- Capturing NTLMv2 Hashes. Tutorial found here.
- Performing relay attacks.