SUMMARY.md

Table of contents

⚡ Welcome!

• 👾 Hackzzz
• 📝 Writeups
  • HackTheBox
    • 🐧 Linux
      • Lame
      • Squashed
      • Faculty
    • 🪟 Windows
      • Jeeves
      • Bart
      • Active
      • Tally
  • Portswigger
    • 📂 File upload
      • Apprentice
        • Remote code execution via web shell upload
        • Web shell upload via Content-Type restriction bypass
    • 💉 SQL Injection
      • Apprentice
        • SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
        • SQL injection vulnerability allowing login bypass
      • Practioner
        • SQL injection UNION attack, determining the number of columns returned by the query
        • SQL injection UNION attack, finding a column containing text
        • SQL injection UNION attack, retrieving data from other tables
        • SQL injection UNION attack, retrieving multiple values in a single column
        • SQL injection attack, querying the database type and version on Oracle
        • SQL injection attack, querying the database type and version on MySQL and Microsoft
        • SQL injection attack, listing the database contents on non-Oracle databases
        • SQL injection attack, listing the database contents on Oracle
        • Blind SQL injection with conditional responses
        • Blind SQL injection with time delays
        • Blind SQL injection with time delays and information retrieval
    • 📑 Information Disclosure
      • Apprentice
        • Error Messages
        • Filtering a debug page
        • Backup Leakage
        • Authentication bypass via information disclosure
      • Practitioner
        • Information disclosure in version control history
    • 🪜 Directory Traversal
      • Apprentice
        • File path traversal, simple case
      • Practioner
        • File path traversal, traversal sequences blocked with absolute path bypass
        • File path traversal, traversal sequences stripped non-recursively
        • File path traversal, traversal sequences stripped with superfluous URL-decode
        • File path traversal, validation of file extension with null byte bypass
    • 🧑‍💻 OS Command Injection
      • Apprentice
        • OS command injection, simple case
      • Practioner
        • Blind OS command injection with time delays
        • Blind OS command injection with output redirection
    • 🧃 Broken Authentication
      • Apprentice
        • Username enumeration via different responses
        • 2FA simple bypass
        • Password reset broken logic
    • 🗃️ Access Control
      • Apprentice
        • Unprotected admin functionality
        • Unprotected admin functionality with unpredictable URL
        • User role controlled by request parameter
        • User role can be modified in user profile
        • User ID controlled by request parameter
        • User ID controlled by request parameter, with unpredictable user IDs
        • User ID controlled by request parameter with data leakage in redirect
        • User ID controlled by request parameter with password disclosure
        • Insecure Direct Object References (IDOR)
    • 📝 External Entity Injection
      • Apprentice
  • TryHackme
    • 🐧 Linux
    • 🪟 Windows
      • Crocc Crew
      • Enterprise
• 🔮 Github
• 📺 YouTube Channel

Everything About and Notes

• 🥷 Five stages of Ethical Hacking
• 🔍 OSINT
  • 🕵️ Information Gathering Methodologies
    • Information Gathering
      • OSINT Employee's
      • Automate OSINT techniques
  • OSINT Checklist
  • Discovering Email Address
  • Breach Credentials
  • Reverse Image Searching
  • Hunting Usernames & Accounts
  • Searching People
  • Phone Numbers
  • Google Dorks
  • Search Engines
  • Default Passwords
  • Aircraft Tracking
  • Car OSINT
  • Wi-Fi OSINT
• 👁️ Network Pentesting
  • MITM Cheatsheet
  • Host Discovery
  • Scanning Hosts
  • Sniffing
  • Spoofing
  • DNS spoofing + apache2
  • Firewall/IDS Evasion
  • 🖨️ Printer Hacking
  • 👁️‍🗨️ IoT Pentesting
• 🪟 Windows and Active Directory
  • Windows Basic Commands
    • Network Command's
    • Tasks
    • Computer Slow Command's
  • Active Directory
    • AD Enumeration
    • Man-In-The-Middle Attacks
      • SMB Relay
      • LLMNR Poisoning
    • Zerologon (2020-1472)
    • Password Cracking
    • Kerberoasting
      • Kerbrute
      • ASREP Roasting
    • Post-Compromise Enumeration
      • Powerview
      • Bloodhound
        • Installing & Setting Up
        • SharpHound
        • Using BloodHound
    • Post-Compromise attacks
      • Privilege Escalation
        • Token Impersonation
        • Print Nightmare (CVE-2021-1675)
      • Pass Attacks
        • Pass the Hash
        • Pass the Password
        • GPP cPassword Attack
      • Mimikatz
        • Golden Ticket Attack
      • Dumping hashes (secretsdump)
  • Windows Privilege Escalation
    • Unquoted Path Service
    • Abusing the Golden Privileges
    • Print Spoofer
    • Print-Nightmare
    • Rogue Potato
  • Active Directory Exploitation Cheat Sheet
  • Active Directory Attacks (PayloadAllTheThings)
• 🧠 Social Engineering
  • Windows Malware
    • Generating Undetectable backdoors
    • Bypassing Anti-Virus by modifying Hex Value
    • Creating Trojans
      • Embedding malicious files in Images or PDF
      • Changing Trojans Icon
      • Spoofing file extensions
      • Microsoft Office Trojans
        • Word Macros
  • OS X Malware
    • Using Msfvenom
  • Linux Malware
    • Simple Backdoors
    • Embedding Evil Code in a Legitimate Linux Package
    • Backdooring An APK
  • Spying Software
  • Delivery methods
    • Gophish
    • Spoofing Emails
      • Setting Your Own SMTP server
    • Creating Fake Login Website
    • Manipulating URL's
  • Make attacks outside the network
    • Ngrok
  • Social Engineering
• 🕸️ Web Pentesting
  • Web Basics
  • Information Gathering - Some One-liners
  • File Upload
  • Code Execution
  • Local File Inclusion
  • SQL Injection
  • XSS (Corss-site scripting)
  • CSRF (Cross-site requests forgery)
  • Discovering Vulnerabilities using OWASP ZAP
  • CMS
    • Wpscan
  • 🕷️ OWASP Testing Guide
  • 📒 Bug Bounty Checklist
• 📡 Wireless Pentesting
  • Wi-Fi Network Fundamentals
    • Basic Terminologies and Concepts
  • De-authentication
  • Disassociation Packets
  • Beacon Flooding
  • Authentication Denial-Of-Service
  • SSID Probing and Bruteforcing
  • EAPOL Start and Logoff Packet Injection
  • Attacks for IEEE 802.11s mesh networks
  • WIDS Confusion
  • WEP
    • Caffe-Latte
  • WPA/WPA2 - PSK
    • Handshake Capture
    • WPA Cracking
    • Resources
  • Evil Twin Attacks
    • WifiPumpkin3
      • Creating a fake access point
      • Using captive portal attack
      • Pulp scripts
  • WI-FI Pentesting Guide
• 🔥 Binary Explotation
  • Assembly for Reverse Engineering
  • Reversing
• 🏃‍♂️ Pivoting & Port-forwarding
  • Chisel
  • SSH
  • Socat
  • plink
  • sshuttle
  • Pivoting Bash Scripts
• 📱 Mobile Application Pentesting
  • Android Hacking Methodology
  • Mobile Application CheatSheet
  • Android Penetration Testing
• 🦾 Arduino
• 🌐 External Pentesting
  • External Pentesting

Gadgets

• 📇 Proxmark3
  • Attacking MIFARE Classic 1KB
• 📡 SDR Hacking
  • Hardware
  • Using RTL-SDR
  • DragonOS
• 🍍 WI-FI Pineapple
  • Evil Portals

🚩 Resources

• 🐙 Extras
  • Drone Hacking
  • Password Cracking with Rules and Munging
  • Game Hacking
  • Personal Security Checklist
• 🟦 Metasploit
  • Metasploit Modules
• rc Personal Config (.bashrc && .zshrc)
• WADCOMS
• GTFOBins
• LOLBAS
• Devhints
• Weakpass
• Revshells
• 📑 Pentesting Reports Repo