[#HackTip ⚒️] Something fun I’ve had to do on an engagement today: swapping SYSTEM ↔️ user contexts to decrypt the local state key. The result can be passed to GhostPack’s #SharpChrome as /statekey to get target user’s plaintext cookies 🍪
30 Mar 2024
HackTip: Easy Chrome DevTools Regex for finding secrets in html/js/json/etc... by @h4x0r_dz github.com/h4x0r-dz/Leaked-C…
2 Sep 2023
Hacktip: don't end up back at your flat having sex with a woman you met at a party
Imagine: -You're a man. You're out partying and having a good time with a woman -You end up at your flat having sex -The next day, once the drinks have worn off, she feels bad and concludes that she didn't want it, that there was no consent -She reports you for rape at the police station. Fair or unfair?
[#HackTip ⚒️] Who even cares about MS17-010 in 2k23?! Well I did at the recent pentest engagement 🤦🏻‍♂️ (1/) I haven't practiced #EternalBlue exploitation for a while, so I decided to deploy a vulnerable VM first in order not to screw up the production server ⤵️
[#HackTip ⚒️] One idea for NTDS on-site dumping without VSS: NTFSCopy (thx @RedCursorSec) #impacket’s RemoteOperations.getBootKey() secretsdump[.]py (e.g., via a pre-compiled binary or @naksyn’s awesome Pyramid) 🤪 ppn.snovvcrash.rocks/pentest…
That DIT is going to take forever to exfiltrate. Better to strip the hashes out and exfiltrate those instead. github.com/Dionach/NtdsAudit ntdsAudit.exe '.\Active Directory\ntds.dit' -s registry\SYSTEM -p pwddump.txt -u users.csv It's C#, so you can reflectively load it in PS, too.
[#HackTip ⚒️] A simple post-exploitation tip when you’ve added a GitLab admin from a compromised gitlab-rails console: if there’s only LDAP auth available and you cannot sign in even when you possess valid creds, do this to enable password auth for web 🤓 ppn.snovvcrash.rocks/pentest…
[#HackTip ⚒️] (1/3) There’re a couple of ways to become a local admin on a box when you possess only the corresponding machine account NT hash. The first one being the well known Silver ticket technique that can be performed via ticketer[.]py from #Impacket ⬇️
[#HackTip ⚒] While guys @_EthicalChaos_ and @an0n_r0 are talking about a legitimate way of jumping into RDP via smart card auth having a certificate, I’ll give a more clumsy approach: UnPAC-the-Hash (PKINIT) ⏭ DisableRestrictedAdmin=0 ⏭ scforceoption=0 ⏭ xfreerdp /pth 🎉
[#HackTip ⚒] Looking for a legitimate way of achieving #persistence on Windows? How about #AnyDesk silent deployment? 😉
[#HackTip ⚒] A cool technique for initial AD access during a pentest. Got a Cisco IP Phone nearby? Congrats, you’re (almost) a domain user! #pentest #ad #cisco
[#HackTip ⚒] Such a tiny code snippet that can help you bypass some automatic sandbox detections ⏳ #maldev
[#HackTip ⚒] When there’s not much info revealed about AD sites from CME subnets module, we can combine @_dirkjan’s adidnsdump with @pdiscoveryio mapcidr to get a nicely formatted list of the target intranetworks 🕸 #ad #dns
[#HackTip 🛠] Some tips and links on how NTDS reversible encryption usage (means you can DCSync cleartext passwords) can be enumerated during an AD security assessment: 🔗 adsecurity.org/?p=2053 🔗 blackhillsinfosec.com/how-i-… #ntds #ad #adsecurity
#HackTip If you own a restaurant, create a Tinder profile and tell your matches you'll meet them there and that they should go ahead and order. Then message them saying something came up and you won't be able to make it. Guaranteed customers.
[#HackTip 🛠] (1/2) Until I finally get around to watching @ippsec’s video on parsing #BloodHound JSONs with jq, I continue using my crappy Python script for printing neo4j node names in console 🐕 github.com/penetrarnya-tm/We… #bloodhound #cypher
1 May 2022
Just uploaded a video on parsing Bloodhound Data with JQ, which allows us to create a lot of interesting lists. My favorite one is looking at passwords that have a set time newer than their last logon time. youtu.be/o3W4H0UfDmQ
[#HackTip ⚒] So, you’ve got a DA but feel like missing some plaintext credz or other valuable info in the infrastructure? Inspecting sensitive users’ habits by shadow monitoring their RDP sessions may set you on the right path 👀 #ad #pentest #rdp #shadow
[HackTip ⚒] A tiny Flask web server ready to shoot reflective CORS Access-Control-Allow-Origin headers to accept connections from an XSS affected victim while hosting your evil JS payload 😈
[HackTip ⚒] If you're having trouble brute forcing Net-NTLMv2 captured with responder/mitm6, it may be time to spray some P@ssw0rds 💨 To get a list of domain users with no creds you can relay SMB auth to any domain host with signing OFF and go for RID cycling via #impacket ⬇️
[HackTip ⚒] (2/2) That’s what it looks like in Bash ⬇️
[HackTip ⚒] (1/2) A tip for those who, like me, can't remember their IP address during a pentest and can't stop typing ifconfig eth0 / ip addr before doing another 1337 command 🤦🏻‍♂️