- Information collection
  - Open source intelligence collection (OSINT)
    - GitHub
    - whois lookup / registrant reverse lookup / email reverse lookup / related assets
    - Google hacking
    - Creating an enterprise password dictionary
      - Dictionary list
    - Email address list acquisition
    - Collecting information about the enterprise from external sources
    - Subdomain acquisition
- Entering the intranet
  - Via weak enterprise account vulnerabilities
  - Via system vulnerabilities
  - Via web application penetration
  - Via wireless (Wi-Fi) access
- Stealthy attack
  - Command and Control
    - Fronting (domain fronting)
    - Proxies
- Crossing the intranet boundary
  - Port forwarding across the boundary
  - Proxy tunnelling across the boundary
    - EW (EarthWorm)
    - Termite
    - Proxy scripts
  - Reverse shells
  - Transferring and downloading files inside the intranet
- Intranet information collection
  - Local host information collection
    1. User list
    2. Process list
    3. Service list
    4. Port list
    5. Patch list
    6. Local shares
    7. User habit analysis
    8. Tools for obtaining the current user's password
       - Windows
       - Linux
  - Information collection for spreading through the network
    - Port scanning
    - Common port scanning tools
    - Intranet topology analysis
    - Common information collection commands
  - Third-party information collection
- Privilege escalation
  - Windows
    - BypassUAC
      - Common methods
      - Common tools
    - Privilege escalation
  - Linux
    - Kernel overflow privilege escalation
    - Scheduled tasks
    - SUID
    - Misconfigured system service permissions
    - Insecure file / folder permissions
    - Finding stored plaintext usernames and passwords
- Persistence (maintaining access)
  - System backdoors
    - Windows
      1. Password logging tools
      2. Common locations for storing payloads
      3. Run/RunOnce keys
      4. BootExecute key
      5. Userinit key
      6. Startup keys
      7. Services
      8. Browser Helper Objects
      9. AppInit_DLLs
      10. File name
      11. bitsadmin
      12. MOF
      13. WMI
      14. Userland persistence with scheduled tasks
      15. Netsh
      16. Shim
      17. DLL
      18. DoubleAgent
      19. waitfor.exe
      20. AppDomainManager
      21. Office
      22. CLR
      23. msdtc
      24. Hijacking CAccPropServicesClass and MMDeviceEnumerator
      25. Hijacking the browser executable
      26. Windows fax DLL injection
      27.
      28. Shortcuts
      29. Logon scripts
      30. Password filter DLL
      31. Using a BHO in Internet Explorer
    - Linux
      - crontab
      - sshd hard link
      - SSH server wrapper
      - SSH keylogger
      - Cymothoa process injection backdoor
      - rootkit
      - Tools:
  - Web backdoors
- Lateral movement
  - Port-based penetration
    - Port scanning
    - Port brute forcing
    - Weak passwords on ports
    - Service overflow exploits
    - Common default ports
      1. Web (web vulnerabilities / sensitive directories)
      2. Databases (weak password scanning)
      3. Special services (unauthenticated access / command execution / vulnerabilities)
      4. Common ports (weak password scanning / brute forcing)
      5. Summary table of ports and their services
  - Information collection
  - Methods for obtaining domain control
    - SYSVOL
    - MS14-068 (Kerberos)
    - SPN scanning
    - Kerberos Golden Ticket
    - Kerberos Silver Ticket
    - Cracking domain service accounts
    - Credential theft
    - ARP (Address Resolution Protocol)
    - Dumping AD hashes
  - AD persistence
    - Active Directory persistence tips
    - Security Support Provider
    - SID History
    - AdminSDHolder & SDProp
    - Group Policy
    - Hooking PasswordChangeNotify
  - Tips
  - Related tools
  - Executing programs on remote systems
- IoT related
- Man-in-the-middle
- AV evasion and testing
  - bypassAV
  - Bypass AppLocker
  - Bypass
- Trace cleanup
  - Windows log table
  - "Windows logs"
  - Doctors Without Borders
  - 3389 (RDP)
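The outline's "Creating an enterprise password dictionary" entry names the technique without showing it. The following is an added example written for this page, not code from the guide being outlined: it derives candidate passwords from a company name and its domain labels, applies case and leet variants, and appends the suffixes and years that corporate passwords typically carry. The company name "Contoso", the domain "corp.contoso.com", the suffix list and the 8-character minimum are all assumed sample values.

```python
"""Added example: generate an enterprise-specific password dictionary.

Illustrative code for this page, not a tool from the guide it outlines.
Inputs and the suffix list below are constructed/assumed sample values.
"""
import itertools
import re

# Assumed list of suffixes commonly appended to a company name in passwords.
SUFFIXES = ["", "123", "1234", "12345", "123456", "!", "@", "#", "!@#", "@123", "!123"]
# Common letter-to-digit substitutions ("leet").
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})
MIN_LENGTH = 8  # assumed password policy minimum; shorter candidates are dropped


def name_variants(name: str) -> list[str]:
    """Case and leet variants of one base word, without duplicates."""
    base = re.sub(r"[^a-z0-9]", "", name.lower())
    if not base:
        return []
    variants = [
        base,
        base.capitalize(),
        base.upper(),
        base.translate(LEET),
        base.capitalize().translate(LEET),
    ]
    return list(dict.fromkeys(variants))


def seeds_from_domain(domain: str) -> list[str]:
    """Turn a domain into seed words: corp.contoso.com -> ['corp', 'contoso'].

    The TLD is dropped and very short labels (e.g. 'ad', 'hq') are ignored.
    """
    labels = domain.lower().strip(".").split(".")
    return [label for label in labels[:-1] if len(label) >= 3]


def build_dictionary(company: str, domain: str, years, extra_words=()) -> list[str]:
    """Return an ordered, de-duplicated list of candidate passwords."""
    words = set()
    for seed in [company, *seeds_from_domain(domain), *extra_words]:
        words.update(name_variants(seed))

    year_suffixes = []
    for year in years:
        year_suffixes += [str(year), f"@{year}", f"#{year}", f"{year}!"]
    suffixes = SUFFIXES + year_suffixes

    candidates = [word + suffix for word, suffix in itertools.product(sorted(words), suffixes)]
    return [c for c in dict.fromkeys(candidates) if len(c) >= MIN_LENGTH]


if __name__ == "__main__":
    for candidate in build_dictionary("Contoso", "corp.contoso.com", range(2023, 2025)):
        print(candidate)
```

Feed the output to a slow, lockout-aware spray rather than a per-account brute force; the point of the dictionary is a few high-probability guesses per user, not volume.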
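The Linux privilege escalation entries (scheduled tasks, SUID, misconfigured service permissions, insecure file and folder permissions) are the conditions an attacker enumerates first on a new host. As an added example, not code from the guide, the script below walks a directory tree and reports SUID/SGID binaries, world-writable files (cron entries included) and world-writable directories without the sticky bit. The fake filesystem it audits is constructed in a temporary directory; on a real host you would point `audit_tree` at `/`.

```python
"""Added example: enumerate common Linux privilege-escalation conditions.

Illustrative code for this page, not a tool from the guide it outlines. The
demo tree built by build_demo_root() is constructed; run audit_tree("/") on
a real system.
"""
import os
import stat
import tempfile
from dataclasses import dataclass, field


@dataclass
class Findings:
    suid: list = field(default_factory=list)
    sgid: list = field(default_factory=list)
    world_writable_files: list = field(default_factory=list)
    world_writable_dirs_no_sticky: list = field(default_factory=list)


def audit_tree(root: str) -> Findings:
    """Walk `root` and collect the weak permission settings an attacker looks for."""
    found = Findings()
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # unreadable entry; keep going
            mode = st.st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are irrelevant
            if stat.S_ISREG(mode):
                if mode & stat.S_ISUID:
                    found.suid.append(path)
                if mode & stat.S_ISGID:
                    found.sgid.append(path)
                if mode & stat.S_IWOTH:
                    found.world_writable_files.append(path)
            elif stat.S_ISDIR(mode):
                # World-writable without the sticky bit: anyone can replace files
                # placed there, e.g. a script a root cron job later executes.
                if (mode & stat.S_IWOTH) and not (mode & stat.S_ISVTX):
                    found.world_writable_dirs_no_sticky.append(path)
    return found


def build_demo_root() -> str:
    """Construct a small fake filesystem containing each weak configuration."""
    root = tempfile.mkdtemp(prefix="privesc-demo-")
    for rel in ("usr/bin", "etc/cron.d", "tmp", "opt/app"):
        os.makedirs(os.path.join(root, rel))

    def write(rel, mode):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)

    write("usr/bin/passwd", 0o4755)      # expected SUID binary
    write("opt/app/backup", 0o4755)      # custom SUID binary, worth reversing
    write("etc/cron.d/nightly", 0o666)   # world-writable cron entry
    write("opt/app/run.sh", 0o755)       # unremarkable
    os.chmod(os.path.join(root, "tmp"), 0o1777)        # sticky bit set: not reported
    os.chmod(os.path.join(root, "opt", "app"), 0o777)  # no sticky bit: reported
    return root


if __name__ == "__main__":
    result = audit_tree(build_demo_root())
    for label, paths in vars(result).items():
        print(label)
        for p in paths:
            print("   ", p)
```

Compare the SUID list against the distribution's package manifests; a SUID binary outside `/usr/bin` and `/usr/sbin`, or one not owned by a package, is the one to inspect.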
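The lateral movement entries on port scanning, weak passwords on ports and the port-to-service summary table describe the first step of moving through an intranet: finding what is listening and what it is. As an added example, not code from the guide, the scanner below performs a threaded TCP connect scan, labels each open port with the service normally found there, and grabs the banner that many services send on connect. The `PORT_SERVICES` table is an abbreviated assumption, not the guide's own table, and `demo()` scans two constructed loopback listeners so the block runs offline.

```python
"""Added example: threaded TCP connect scanner with service lookup and banner grab.

Illustrative code for this page, not a tool from the guide it outlines.
PORT_SERVICES is an assumed, abbreviated table; the loopback services in
demo() are constructed targets.
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor
from typing import Optional

PORT_SERVICES = {
    21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 53: "dns", 80: "http",
    110: "pop3", 135: "msrpc", 139: "netbios-ssn", 143: "imap", 389: "ldap",
    443: "https", 445: "smb", 1433: "mssql", 1521: "oracle", 3306: "mysql",
    3389: "rdp", 5432: "postgresql", 5900: "vnc", 6379: "redis", 8080: "http-alt",
}


def probe(host: str, port: int, timeout: float = 0.5) -> Optional[dict]:
    """Connect to one port; return a result dict if it is open, else None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            banner = b""
            try:
                banner = s.recv(128)  # ssh, ftp, smtp etc. speak first
            except (socket.timeout, OSError):
                pass  # silent service: open, but no banner
    except (ConnectionRefusedError, socket.timeout, OSError):
        return None
    return {
        "port": port,
        "service": PORT_SERVICES.get(port, "unknown"),
        "banner": banner.decode("latin-1", "replace").strip(),
    }


def scan(host: str, ports, workers: int = 64, timeout: float = 0.5) -> list:
    """Scan `ports` on `host` concurrently; open ports sorted by number."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return sorted((r for r in results if r), key=lambda r: r["port"])


def start_fake_service(banner: bytes) -> int:
    """Constructed target: a loopback listener that sends `banner` and closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    port = srv.getsockname()[1]

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


def demo() -> dict:
    """Scan two constructed services and one port that is known to be closed."""
    ssh_port = start_fake_service(b"SSH-2.0-OpenSSH_8.9\r\n")
    smtp_port = start_fake_service(b"220 mail.example ESMTP\r\n")
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()  # nothing listens here, so the connect is refused
    results = scan("127.0.0.1", [ssh_port, smtp_port, closed_port])
    return {"open": {r["port"]: r for r in results},
            "ssh": ssh_port, "smtp": smtp_port, "closed": closed_port}


if __name__ == "__main__":
    report = demo()
    for port, r in report["open"].items():
        print(f"{port}/tcp open {r['service']:<10} {r['banner']}")
```

Trust the banner over the port number: the table only says what usually runs there, and intranet services are routinely moved to non-standard ports.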