S4vitar Machine's Resolutions
Resolved things
Skills: DNS Enumeration (dnsenum) SQUID Proxy WPAD Enumeration OpenSMTPD v2.0.0 Exploit SSH using Kerberos (gssapi) Abusing .k5login file Abusing krb5.keytab file
Active Directory eCPPTv2 eCPTXv2 OSCP OSEP eWPT eWPTXv2 OSWE
Skills: SQLI (Error Based) SQLI -> RCE (INTO OUTFILE) Information Leakage
eJPT eWPT
Skills: SNMP Enumeration Information Leakage IPV6 ICMP Data Exfiltration (Python Scapy)
OSCP eWPT eWPTXv2 eCPPTv2 eCPTXv2 OSWE
Skills: Abusing Node-Red Chisel & Socat Usage Redis-Cli Exploitation Rsync Abusing Cron Exploitation Disk Mount File Transfer Tips PIVOTING
eCPPTv2 eCPTXv2
Skills: Abusing Printer Abusing Server Operators Group Service Configuration Manipulation
eJPT OSCP (Escalation)
Skills: Information Leakage Port Forwarding Strapi CMS Exploitation Laravel Exploitation
eWPT eJPT
Skills: Password Guessing WordPress Abusing RPC Calls WordPress XML-RPC Create WebShell PwnKit Exploit
OSCP eWPT eWPTXv2 OSWE
Skills: Git Source Leak Exploit (GitHack) AWS Enumeration Lambda Function Enumeration Authentication Bypass Abusing JWT Server Side Template Injection (SSTI) Tar Symlink Exploitation
eWPT eWPTXv2 OSCP OSWE
Skills: Jenkins Exploitation (Groovy Script Console) RottenPotato (SeImpersonatePrivilege) PassTheHash (Psexec) Breaking KeePass Alternate Data Streams (ADS)
OSCP eJPT eWPT
Skills: Information Leakage SNMP Enumeration (Snmpwalk/Snmpbulkwalk) SeedDMS Exploitation SELinux (Extra) SNMP Code Execution
OSCP eWPT
Skills: SMB Enumeration Kerberos User Enumeration (Kerbrute) ASRepRoast Attack (GetNPUsers) Bloodhound Enumeration Abusing ForceChangePassword Privilege (net rpc) Lsass Dump Analysis (Pypykatz) Abusing WinRM SeBackupPrivilege Exploitation DiskShadow Robocopy Usage NTDS Credentials Extraction (secretsdump)
Active Directory OSCP OSEP
Skills: XSS Injection XSS Cookie Stealing Cookie Hijacking Code Analysis Building a Key Generator (PYTHON) SQLI (Error Based) LFI && Wrappers Bash Scripting for Host Discovering Information Leakage Pivoting Abusing Docker Abusing Capabilities
eCPPTv2 eCPTXv2 OSCP eWPT eWPTXv2 OSWE
Skills: Abusing Squid Proxy Abusing GlusterFS Information Leakage Server Side Template Injection (SSTI)[RCE] Abusing Azure Storage
OSCP eJPT eWPT eWPTXv2 eCPPTv2 OSWE
Skills: Server Side Request Forgery (SSRF) Exploiting Voting System Abusing AlwaysInstallElevated (msiexec/msi file)
eJPT eWPT OSCP (Escalation)
Skills: NoSQL Injection (Authentication Bypass) XXE File Read NodeJS Deserialization Attack (IIFE Abusing) Mongo Database Enumeration
eJPT eWPT
Skills: NodeJS SSTI (Server Side Template Injection) AppArmor Profile Bypass (Privilege Escalation)
eJPT eWPT
Skills: Information Leakage Subdomain Enumeration SSTI (Server Side Template Injection) Abusing PassBolt Abusing GPG
eJPT eWPT eWPTXv2 OSWE
Skills: SQLI (Error Based) Hash Cracking Weak Algorithms Password Reuse Server Side Template Injection (SSTI) Docker Breakout (Privilege Escalation) [PIVOTING]
eJPT eWPT eCPPTv2 OSCP (Escalation)
Skills: OpenSSL Cipher Brute Force and Decryption Drupal Enumeration/Exploitation H2 Database Exploitation
eJPT eWPT
Skills: Information Leakage WordPress Plugin Exploitation (Spritz) Local File Inclusion (LFI) Cacti 1.2.12 Exploitation Apache OfBiz Deserialization Attack (RCE) Docker Breakout (cap_sys_module Capability) [PRIVILEGE ESCALATION]
eCPPTv2 eWPT eWPTXv2 OSCP OSWE
Skills: Information Leakage Kerberos Enumeration (Kerbrute) Creating a DNS Record (dnstool.py) [Abusing ADIDNS] Intercepting Net-NTLMv2 Hashes with Responder BloodHound Enumeration Abusing ReadGMSAPassword Rights (gMSADumper) Pywerview Usage Abusing Unconstrained Delegation Abusing AllowedToDelegate Rights (getST.py) (User Impersonation) Using .ccache file with wmiexec.py (KRB5CCNAME)
Active Directory OSCP OSEP
Skills: Domain Zone Transfer (AXFR) SQLI (Error Based) [WHOIS] PCAP Analysis (Tshark && Wireshark) Abusing Rootkit
eWPT
Skills: Password Guessing SCF Malicious File Print Spooler Local Privilege Escalation (PrintNightmare) [CVE-2021-1675]
OSCP (Escalation) eJPT
Skills: Server Side Request Forgery (SSRF) [Internal Port Discovery] ICMP Reverse Shell (PowerShell) [Firewall Bypassing] Alternate Data Streams (ADS) Firewall Evasion [Firewall Rules Manipulation]
eWPTXv2 OSWE
Skills: SMBCacls Enumeration Malicious SCF File (Getting NetNTLMv2 Hash) Ldap Enumeration (LdapDomainDump) Abusing Microsoft Active Directory Certificate Services Creating Certificate Signing Requests (CSR) [Openssl] CLM / AppLocker Break Out (Escaping ConstrainedLanguage) PSByPassCLM Usage (CLM / AppLocker Break out) Msbuild (CLM / AppLocker Break Out) Kerberoasting Attack (Rubeus) Kerberoasting Attack (Chisel Port Forward - GetUserSPNs.py) WINRM Connections BloodHound Enumeration DCSync Attack (secretsdump.py) DCSync Attack (Mimikatz) PassTheHash (wmiexec.py)
Active Directory OSCP OSEP
Skills: PostgreSQL Injection (RCE) Abusing boot2docker [Docker-Toolbox] Pivoting
eWPT OSCP (Intrusion) eJPT eCPPTv2
Skills: WordPress Lcars Plugin SQLI Vulnerability SQL Injection (boolean-based blind, error-based, time-based blind) WordPress Exploitation [www-data] (Theme Edition - 404.php Template) Joomla Exploitation [www-data] (Template Manipulation) Docker Breakout Ghidra Binary Analysis Buffer Overflow (No ASLR - PIE enabled) [RET2LIBC] (Privilege Escalation)
eWPT eCPPTv2 eCPTXv2 Buffer Overflow
Skills: Password Guessing Abusing e-mail service (claws-mail) Crypto Challenge (Decrypt Secret Message - AES Encrypted) LaTeX Injection (RCE) Bypassing rbash (Restricted Bash) Extracting Credentials from Firefox Profile
eWPT eJPT
Skills: Kubernetes API Enumeration (kubectl) Kubelet API Enumeration (kubeletctl) Command Execution through kubeletctl on the containers Cluster Authentication (ca.crt/token files) with kubectl Creating YAML file for POD creation Executing commands on the new POD Reverse Shell through YAML file while deploying the POD
eWPTXv2 OSWE
Skills: Information Leakage (GitBucket) Breaking Parser Logic - Abusing Reverse Proxy / URI Normalization Exploiting Tomcat (RCE) [Creating malicious WAR] Abusing existing YML Playbook file [Cron Job] Ansible-playbook exploitation (sudo privilege)
eWPT eWPTXv2 OSCP (Intrusion) OSWE
Skills: Abusing URI Normalization Server Side Template Injection (SSTI) [NUXEO Vulnerability] Unified Remote 3 Exploitation (RCE) Decrypt Mozilla protected passwords Reversing EXE in Ghidra Buffer Overflow (Socket Reuse Technique) [ADVANCED]
Buffer Overflow OSED OSCP (Intrusion) eWPT eWPTXv2 OSWE
Skills: SNMP Enumeration Network Printer Abuse CUPS Administration Exploitation (ErrorLog) EXTRA -> (DirtyPipe) [CVE-2022-0847]
eJPT
Skills: Jenkins Exploitation (New Job + Abusing Build Periodically) Jenkins Exploitation (Abusing Trigger builds remotely using TOKEN) Firewall Enumeration Techniques Jenkins Password Decrypt BloodHound Enumeration Abusing ForceChangePassword with PowerView Abusing GenericWrite (Set-DomainObject - Setting Script Logon Path) Abusing WriteOwner (Takeover Domain Admins Group)
Active Directory OSCP OSEP OSWE
Skills: Apache Struts Exploitation (CVE-2017-5638) Python Library Hijacking (Privilege Escalation)
eWPT eJPT
Skills: Fuzzing Directory .git (GIT Project Recomposition) Web Injection (RCE) Abusing InfluxDB (CVE-2019-20933) Abusing Devzat Chat /file command (Privilege Escalation) EXTRA (Crypto CTF Challenge | N Factorization)
eWPT eJPT
Skills: ManageEngine ServiceDesk Plus User Enumeration ManageEngine ServiceDesk Plus Authentication Bypassing ManageEngine ServiceDesk Plus Remote Code Execution Disabling Windows Defender (PowerShell) Mimikatz - Getting NTLM User Hashes (lsadump::sam) Reading Event Logs with Powershell (RamblingCookieMonster) [Get-WinEventData] Decrypting EFS files with Mimikatz Getting the certificate with Mimikatz (crypto::system) Decrypting the masterkey with Mimikatz (dpapi::masterkey) Decrypting the private key with Mimikatz (dpapi::capi) Building a correct PFX with Openssl Installing the PFX via certutil Installing VNC in the box via msiexec Connecting to the VNC service using vncviewer Converting Secure String File to PlainText Using RunAs to execute commands as the administrator
eWPT OSCP
Skills: Login Bypass (Type Juggling Attack) Decrypting a ZIP file (PlainText Attack - Bkcrack) - CONTI RANSOMWARE
eWPT
Skills: Blind XSS Injection Stealing the session cookie by XSS injection SQLI - Error Based SQLI - File Access SQLI - Stealing Net-NTLMv2 Hash (impacket-smbserver) XSS + XSRF => RCE Abusing a custom binary (Brute Force Pin && Overflow)
eWPT eWPTXv2 OSWE OSCP (Intrusion)
Skills: PHP Deserialization Attack Abusing Race Condition
eWPT
Skills: Virtual Hosting Enumeration Referer XSS Injection XSS - Creating JS file (accessing unauthorized resources) Checking/Reading mail through XSS injection AWS Enumeration Lambda Enumeration Creating a Lambda Function (NodeJS) Invoking the created lambda function RCE on LocalStack Abusing FunctionName Parameter (AWS) by exploiting XSS vulnerability (RCE) Finding and exploiting custom 0Day [Privilege Escalation] Root FileSystem Access by abusing Docker
eWPT eWPTXv2 OSWE
Skills: Database Enumeration (DBeaver) Bloodhound Enumeration (bloodhound-python) Exploiting MS14-068 (goldenPac.py) [Microsoft Kerberos Checksum Validation Vulnerability]
Active Directory OSCP OSEP
Skills: Abusing JWT (Gaining privileges) Abusing Upload File Docker Breakout [CVE-2019-5736 - RUNC] (Privilege Escalation)
eWPT OSCP (Escalation) OSWE
Skills: Git Project Recomposition (.git) [Git-Dumper] Abusing WordPress (SimplePie + Memcache) [PHP Code Analysis] Memcache Object Poisoning (Gopherus + Deserialization Attack + RCE) LDAP Enumeration (Apache Directory Studio - GUI) Abusing LDAP to add an SSH Key Abusing LDAP to modify the user group to sudo (Privilege Escalation)
eWPT eWPTXv2 OSWE OSCP (Escalation)
Skills: ShellShock Attack (User-Agent) Abusing Sudoers Privilege (Perl) EXTRA: We build our own CTF in Docker that includes ShellShock
eWPT eJPT
Skills: Information Leakage Mass Emailing Attack with SWAKS Password Theft Abusing Pypi Server (Creating a Malicious Pypi Package) Abusing Sudoers Privilege (Pip3)
OSCP
Skills: Code Analysis Abusing an API Json Web Tokens (JWT) Abusing/Leveraging Core Dump [Privilege Escalation]
eWPT eWPTXv2 OSWE
Skills: SQL Injection (XP_DIRTREE) - Get Net-NTLMv2 Hash Windows Defender Evasion (Ebowla) Windows Defender Evasion (Building our own C program) Service Listing Techniques Abusing Unifi-Video (Privilege Escalation)
eWPT OSCP OSWE
Skills: ElasticSearch Enumeration Information Leakage Kibana Enumeration Kibana Exploitation (CVE-2018-17246) Abusing Logstash (Privilege Escalation)
eWPT OSCP (Escalation) OSWE
Skills: CuteNews Exploitation Code Analysis USBCreator D-Bus Privilege Escalation Python Exploit Development (AutoPwn)
eWPT OSWE OSCP (Escalation)
Skills: Brute Force Pin / Rate-Limit Bypass [Headers] Type Juggling Bypassing SQL Injection (Error Based) SQLI to RCE -> INTO OUTFILE Query Dirty Pipe Exploit (But with PAM-Wordle configured)
OSCP eWPT eWPTXv2 OSWE
Skills: Abusing IPMI (Intelligent Platform Management Interface) Zabbix Exploitation MariaDB Remote Code Execution (CVE-2021-27928)
eWPT OSCP
Skills: SharePoint Enumeration Information Leakage Playing with mounts (cifs, curlftpfs) Abusing Keepass Abusing Microsoft SQL Server (mssqlclient.py - xp_cmdshell RCE) Abusing SeImpersonatePrivilege (JuicyPotato)
OSCP
Skills: Abusing Werkzeug Debugger (RCE) Binary Exploitation Advanced Buffer Overflow x64 - ROP / ASLR Bypass (Leaking Libc Address + Ret2libc + Setuid)
Buffer Overflow eWPT (Intrusion)
Skills: HTTP/3 Enumeration Recompiling curl to accept HTTP/3 requests Information Leakage Brute force in authentication panel XSS Injection Abusing Esigate (ESI Injection - RCE) Manipulating passwords in the database Abusing POS Print Server (File Hijacking Attack)
eWPT eWPTXv2 OSWE
Skills: Nostromo Exploitation Abusing Nostromo HomeDirs Configuration Exploiting Journalctl (Privilege Escalation)
eWPT OSCP (Escalation)
Skills: HTTP Request Smuggling Exploitation (Leak Admin Cookie) Cookie Hijacking Information Leakage AWS Enumeration AWS Secrets Manager AWS Key_management Enumeration AWS KMS Decrypting File
eWPT eWPTXv2 OSWE
Skills: Padding Oracle Attack (Padbuster) Padding Oracle Attack (Bit Flipper Attack - BurpSuite) [EXTRA] Cookie Hijacking SQL Injection (Generic UNION query) - Error Based Breaking Password Upload File - Abusing Exiftool (RCE) DNS Hijacking (Abusing Cron Job) Ghidra Binary Analysis Reversing Code (Computing valid PIN) Buffer Overflow (Controlling the program and manipulating its flow to desired functions) Abusing Decryption Function (XOR Trick) [Privilege Escalation]
OSWE eWPT eWPTXv2 Buffer Overflow
Skills: Advanced SQL Injection - MS SQL Server 2014 [Bypass Protection] [Python Scripting] [RCE] Abusing Cron Jobs Capcom Rootkit Privilege Escalation Binary and DLL Analysis in order to get root.txt [Radare2]
eWPT eWPTXv2 OSWE OSCP
Skills: Local File Inclusion (LFI) Abusing Tomcat Virtual Host Manager Abusing Tomcat Text-Based-Manager - Deploy Malicious War (Curl Method) LXC Exploitation (Privilege Escalation)
eWPT OSCP (Escalation) eJPT (Intrusion)
Skills: API Enumeration Abusing API - Registering a new user Abusing API Logging in as the created user Enumerating FastAPI EndPoints through Docs Abusing FastAPI - We managed to change the admin password Abusing FastAPI We get the ability to read files from the machine (Source Analysis) Creating our own privileged JWT Abusing FastAPI - We achieved remote command execution through the exec endpoint Information Leakage (Privilege Escalation)
eWPT OSWE OSCP
Skills: Subdomain Enumeration Information Leakage Password Fuzzing Gophish Template Log Poisoning (Limited RCE) Internal Port Discovery reGeorg - Accessing internal ports through a SOCKS proxy (proxychains) Accessing the WinRM service through reGeorg and SOCKS proxy Abusing Cron Job + SeImpersonatePrivilege Alternative Exploitation Playing with PIPES - pipeserverimpersonate Impersonating users and executing commands as the impersonated user Bypassing Firewall Rules (BlockInbound/BlockOutbound) Abusing Services Alternate Data Streams (ADS)
eWPT eWPTXv2 OSWE OSCP (Escalation) eCPTXv2
Skills: Abusing October CMS (Upload File Vulnerability) Buffer Overflow - Bypassing ASLR + Ret2libc (x32 bits) Buffer Overflow - Ret2libc without ASLR (x32 bits EXTRA)
eWPT (Intrusion) Buffer Overflow
Skills: SQL Injection - Sqlite XSS Injection - Bypassing Techniques (fromCharCode) + Own Javascript Code + Session Cookie Theft Abusing existing parameters - RCE NodeJS npm - Privilege Escalation
eWPT eWPTXv2 OSWE OSCP (Escalation)
Skills: Bludit CMS Exploitation Bypassing IP Blocking (X-Forwarded-For Header) Directory Traversal Image File Upload (Playing with .htaccess) Abusing sudo privilege (CVE-2019-14287)
eWPT OSWE eWPTXv2
Skills: Compressed File Recomposition (Fixgz) Abusing TOTP (Python Scripting - NTP protocol) Playing with Static Routes XDebug Exploitation (RCE) Abusing PHP-FPM (RCE) [CVE-2019-11043] (PIVOTING) Abusing Capabilities (cap_setuid + Path Hijacking | Privilege Escalation)
eWPT eJPT (Static Routes) eCPPTv2 eCPTXv2 OSWE OSCP
Skills: XXE (XML External Entity Injection) Exploitation Modifying a wordpress login to steal credentials (Privilege Escalation)
eWPT OSWE (Intrusion)
Skills: Macro Inspection (Olevba2) MSSQL Hash Stealing [Net-NTLMv2] (xp_dirtree) Abusing MSSQL (xp_cmdshell) Cached GPP Files (Privilege Escalation)
Active Directory OSCP
Skills: Abusing GOGS (Project Enumeration) Static Code Analysis (Finding a backdoor with php-malware-scanner) Code deobfuscation Reverse shell through backdoor Setting up a SOCKS5 Proxy (Chisel/Proxychains) Database Enumeration (Accessing GOGS) Abusing API (Stealing an authentication hash in MYSQL through Wireshark) Playing with epoch time to generate a potential list of passwords Cracking Hashes PIVOTING Process Enumeration (pspy) Abusing cron job to obtain a private key Decrypting database passwords (AES Encryption) Abusing PAM (Ghidra Analysis) Getting the root password by abusing time Advanced persistence techniques
eWPT OSWE eWPTXv2 eCPPTv2 eCPTXv2
Skills: WordPress Local File Inclusion Vulnerability (LFI) LFI to RCE (Abusing /proc/PID/cmdline) Gdbserver RCE Vulnerability Abusing Screen (Privilege Escalation) [Session synchronization]
OSCP eWPT OSWE eWPTXv2
Skills: SQL Injection [SQLI] - Error Based Advanced Bash Scripting (EXTRA) SQLI to RCE (Into Outfile - PHP File Creation) ConPtyShell (Fully Interactive Reverse Shell for Windows) Playing with ScriptBlocks and PSCredential to execute commands as another user AppLocker Bypass WinPEAS Enumeration Service ImagePath Hijacking (Privilege Escalation)
Bash Scripting class
OSCP OSWE eWPT
Skills: Inspecting custom application Code Analysis Information Leakage Local File Inclusion (LFI) Google CloudStorage Commands Vulnerability (Command Injection) [RCE] Prototype Pollution Exploitation (Granting us privileges) Kubernetes (Interacting with the API) [kubectl] Finding containers with kubectl PIVOTING Abusing Prototype Pollution to jump to another container Listing secrets with kubectl Creating malicious Pod (Privilege Escalation) [Bad Pods] Peirates - Kubernetes Penetration Testing Tool [EXTRA]
eWPT eWPTXv2 OSWE eCPPTv2 eCPTXv2
Skills: Information Leakage (Code Inspection) Abusing OpenEMR Broken Access Control Authentication Bypassing (Abusing the registration panel) SQL Injection - Error Based [SQLI] OpenEMR Authentication Exploit (RCE) Abusing Docker Group (Privilege Escalation)
eWPT OSWE OSCP (Escalation)
Skills: Information Leakage PFsense - Abusing RRD Graphs (RCE) [Evasion Techniques] Python Exploit Development (AutoPwn) [EXTRA]
eWPT eWPTXv2 OSWE
Skills: Local File Inclusion (LFI) [Abusing file_get_contents] Abusing No Redirect Forge PHPSESSID and getting valid Cookies Forge JWT Uploading WebShell Obtaining system credentials through the webshell Abusing Sticky Notes Binary Analysis (Radare2) SQL Injection (SQLI) [Error Based] AES Decrypt (CyberChef)
eWPT eWPTXv2 OSWE OSCP
Skills: Information Leakage - Password in picture (wtf?) RPC Enumeration (rpcclient) Ldap Enumeration (ldapdomaindump) Bloodhound Enumeration Kerberoasting Attack (GetUserSPNs.py) SMB Password Spray Attack (Crackmapexec) Unprotecting password-protected Excel (Remove Protection) Playing with pfx certificates Gaining access to Windows PowerShell Web Access Abusing ReadGMSAPassword privilege Abusing GenericAll privilege (Resetting a user's password) Gaining access with wmiexec
Crack xlsx doc
Active Directory OSCP OSEP
Made by CheatModes4
using React/ChakraUi, with affection to the Hack4u community.
