Tags 2FA broken logic1 2FA simple bypass1 Abusing Account Operators Group2 Abusing Advice Directory Certificate Services (ADCS)1 Abusing AllowedToDelegate Rights (getST.py) (User Impersonation)1 Abusing AlwaysInstallElevated1 Abusing Azure Admins Group1 Abusing Capabilities (cap_dac_read_search+ei)1 Abusing Cron Job [Privilege Escalation]1 Abusing Devzat1 Abusing DnsAdmins Group1 Abusing e-mail service (claws-mail)1 Abusing File Upload1 Abusing ForceChangePassword Privilege (net rpc)1 Abusing FTP1 Abusing GPG1 Abusing GPP Passwords1 Abusing IIS1 Abusing InfluxDB1 Abusing James Remote Administration Tool1 Abusing LAPS to get passwords1 Abusing Logs + Cron Job1 Abusing misconfigured permissions [Privilege Escalation]1 Abusing MSSQL1 Abusing MSSQL (xp_dirtree)1 Abusing PassBolt1 Abusing PHP Disable Functions in order to RCE1 Abusing Printer1 Abusing PRTG Network Monitor1 Abusing PWM (Password Self Service)1 Abusing ReadGMSAPassword Rights (gMSADumper)1 Abusing Remote Management Users group (Evil-WinRM)1 Abusing Request Tracker1 Abusing Scheduled Tasks1 Abusing SeImpersonatePrivilege2 Abusing SeImpersonatePrivilege (PrintSpoofer)2 Abusing SeImpersonatePrivilege (x86)1 Abusing Server Operators Group1 Abusing Shared Support Accounts (GenericAll) (rbcd Attack) [Resource Based Constrained Delegation]1 Abusing Sudoers7 Abusing Sudoers Privilege (Dsdat Command)1 Abusing sudoers privilege (nginx) [Privilege Escalation]1 Abusing sudoers privilege (pkg install package)1 Abusing sudoers privilege (systemctl)1 Abusing Sudoers Privilege [Msfconsole Privilege Escalation]1 Abusing sudoers privilege [Privilege Escalation]1 Abusing SUID Binary - Doas [Privilege Escalation]1 Abusing Support Ticket System1 Abusing Tiny File Manager (CVE-2021-45010)1 Abusing Tomcat1 Abusing Tomcat Text-Based Manager1 Abusing Tomcat Virtual Host Manager1 Abusing Umbraco Admin Panel1 Abusing Unconstrained Delegation1 Abusing VNC - vncviewer [Privilege Escalation]1 Abusing Webdav2 Abusing WinRM4
Abusing WinRM - EvilWinRM1 Abusing WinRM to get an interactive console1 Abusing WriteDacl in the domain1 Abusing XAMPP for privilege escalation1 Access Control Vulnerabilities13 Access to MatterMost1 Accessing private GraphQL posts1 Accidental exposure of private GraphQL fields1 ActiveMQ Exploitation - Deserialization Attack (CVE-2023-46604) [RCE]1 Adobe ColdFusion 8 Exploitation1 Alternate Data Streams (ADS)1 Analyzing Jar File1 Ansible Vault Hash Cracking (ansible2john)1 Apache Struts Exploitation1 Api Abusing2 API Testing4 APIWeb LLM Attacks1 AppArmor1 Arbitrary object injection in PHP1 AS-RepRoast Attack1 ASRepRoast Attack1 ASRepRoast Attack (GetNPUsers)1 Authenticate over LDAP(S) - Split PFX into certificate and key for LDAP(S) authentication with certipy (certipy)1 Authentication12 Authentication bypass via encryption oracle1 Authentication bypass via flawed state machine1 Authentication bypass via information disclosure1 AutoLogon Credentials1 Basic server-side template injection1 Basic server-side template injection (code context)1 Basic SSRF against another back-end system1 Basic SSRF against the local server1 Blind OS command injection with out-of-band data exfiltration1 Blind OS command injection with out-of-band interaction1 Blind OS command injection with output redirection1 Blind OS command injection with time delays1 Blind SQL injection with conditional errors1 Blind SQL injection with conditional responses1 Blind SQL injection with out-of-band data exfiltration1 Blind SQL injection with out-of-band interaction1 Blind SQL injection with time delays1 Blind SQL injection with time delays and information retrieval1 Blind SSRF with out-of-band detection2 Blind XXE with out-of-band interaction1 Blind XXE with out-of-band interaction via XML parameter entities1 BloodHound1 BloodHound Enumeration2 Bloodhound Enumeration1 BOM-based open redirection1 boot2docker1 Breaking KeePass1 Broken brute-force protection, IP block1 Brute-forcing a stay-logged-in cookie1 
Business Logic Vulnerabilities11 Bypassing GraphQL brute force protections1 Bypassing rbash (Restricted Bash)1 Cached GPP Files1 Cisco Password Cracker (password7)1 CLFS (Common Log File System Vulnerability)1 Code Analysis1 Command Injection3 Connecting via RDP using Remmina1 Core Dump1 Cracking and reading .PFX File1 Cracking Hashes6 Cracking Hashes SSH1 Cracking ZIP file1 Cracking ZIp Password Protected File1 CrackMapExec SMB Authentication Sprying1 Create User and Add to Domain Admins using PassTheCert1 Creating a DNS Record (dnstool.py) [Abusing ADIDNS]1 Creating a dump file of a process - Procdump64.exe (Windows Sysinternals)1 Creating Domain Computer (addcomputer.py)1 Credential Brute Force1 Credential guessing1 Credentials Brute Force (CrackMapExec)1 Cross-site WebSocket hijacking1 Crypto Challenge (Decrypt Secret Message - AES Encrypted)1 CSRF12 CSRF vulnerability with no defenses1 CSRF where Referer validation depends on header being present1 CSRF where token is duplicated in cookie1 CSRF where token is not tied to user session1 CSRF where token is tied to non-session cookie1 CSRF where token validation depends on request method1 CSRF where token validation depends on token being present1 CSRF with broken Referer validation1 CUPS Administration Exploitation1 CVE-2004-26871 CVE-2012-55191 CVE-2015-66681 CVE-2015-69671 CVE-2017-56381 CVE-2017-72691 CVE-2019-189881 CVE-2019-209331 CVE-2020-143211 CVE-2020-73841 CVE-2021-31292 CVE-2021-386471 CVE-2023-03861 CVE-2023-282521 CVE-2023-381461 Database Enumeration1 DC Enumeration (adPEAS)1 DC Enumeration (adPEAS) - Powershell tool to automate Active Directory enumeration1 DCSync Attack1 DCSync Exploitation1 Debian 121 Debugging with DNSpy1 Decrypting GPP Passwords1 Default Password1 Detecting NoSQL injection1 Directory Traversal Vulnerability1 Discovering vulnerabilities quickly with targeted scanning1 DiskShadow1 Distcc exploitation1 Docker Breakout1 Dolibarr 17.0.0 Exploitation - CVE-2023-302531 DOM2 DOM Based 
Vulnerabilities3 DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded1 DOM XSS in document.write sink using source location.search1 DOM XSS in document.write sink using source location.search inside a select element1 DOM XSS in innerHTML sink using source location.search1 DOM XSS in jQuery anchor href attribute sink using location.search source1 DOM XSS in jQuery selector sink using a hashchange event1 DOM XSS using web messages1 DOM XSS using web messages and a JavaScript URL1 DOM XSS using web messages and JSON.parse1 DOM-based cookie manipulation1 Dumping the Moodle database credentials1 Enabling RDP1 Enabling RDP from CrackMapExec1 Enlightenment SUID Binary Exploitation [Privilege Escalation]1 ERB (Ruby)1 ESC1 exploitation usilng certipy [Privilege Escalation]1 ESC7 exploitation case with certipy [Privilege Escalation]1 Escaping from a container1 Escaping Restricted Bash (rbash)1 Essential Skills2 Eternalblue Exploitation2 Excessive trust in client-side controls1 EXE Binary Analysis1 Exploiting a mass assignment vulnerability1 Exploiting an API endpoint using documentation1 Exploiting blind XXE to exfiltrate data using a malicious external DTD1 Exploiting blind XXE to retrieve data via error messages1 Exploiting cross-site scripting to capture passwords1 Exploiting cross-site scripting to steal cookies1 Exploiting Java deserialization with Apache Commons1 Exploiting LLM APIs with excessive agency1 Exploiting NoSQL injection to extract data1 Exploiting NoSQL operator injection to bypass authentication1 Exploiting NoSQL operator injection to extract unknown fields1 Exploiting PHP deserialization with a pre-built gadget chain1 Exploiting Ruby deserialization using a documented gadget chain1 Exploiting server-side parameter pollution in a query string1 Exploiting Voting System1 Exploiting vulnerabilities in LLM APIs1 Exploiting XInclude to retrieve files1 Exploiting XSS to bypass CSRF defenses1 Exploiting XXE to perform SSRF attacks1 
Exploiting XXE using external entities to retrieve files1 Exploiting XXE via image file upload1 Extracting Credentials from Firefox Profile1 File path traversal, simple case1 File path traversal, traversal sequences blocked with absolute path bypass1 File path traversal, traversal sequences stripped non-recursively1 File path traversal, traversal sequences stripped with superfluous URL-decode1 File path traversal, validation of file extension with null byte bypass1 File path traversal, validation of start of path1 File Upload Vulnerabilities6 Finding a hidden GraphQL endpoint1 Finding an attack vector in BloodHound1 Finding and exploiting an unused API endpoint1 Flawed enforcement of business rules1 Fraudulent sending of eps file by mail through RoundCube1 FTP Enumeration1 Fuzzing Directory .git1 Gaining SSL access with Evil-WinRM1 GameOver(lay) Exploitation1 Gathering system information with SharpHound.ps11 Getting more valid system users - lookupsid.py1 Git Configuration Listing1 GraphQL API Vulnerabilities4 Hash Cracking Weak Algorithms1 High-level logic vulnerability1 HTTP Header Command Injection - X-FORWARDED-FOR [RCE]1 HttpFileServer 2.3 Exploitation1 IIS Enumeration1 IIS Exploitation1 Image Stego Challenge - Steghide1 Inconsistent handling of exceptional input1 Inconsistent security controls1 Indirect prompt injection1 Infinite money logic flaw1 Information Disclosure5 Information disclosure in error messages1 Information disclosure in version control history1 Information disclosure on debug page1 Information Leakag1 Information Leakage17 Information Leakage (User Pivoting)1 Insecure Deserialization6 Insecure direct object references1 Insecure-Deserialization1 Insufficient workflow validation1 Intercepting Net-NTLMv2 Hashes with Responder1 Javascript1 Jenkins Exploitation (Groovy Script Console)1 Json Web Token1 Juicy Potato (x86)1 JuicyPotato (SeImpersonatePrivilege)1 JWT6 JWT authentication bypass via flawed signature verification1 JWT authentication 
bypass via jku header injection1 JWT authentication bypass via jwk header injection1 JWT authentication bypass via kid header path traversal1 JWT authentication bypass via unverified signature1 JWT authentication bypass via weak signing key1 Kde1 Keepass Memory Dump1 Kerberoasting Attack (GetUserSPNs.py)1 Kerberos User Enumeration1 Kerberos User Enumeration (kerbrute)1 Kerberos User Enumeration (Kerbrute)1 Kernel Exploitation1 Laravel1 LaTeX Injection (RCE)1 Ldap Enumeration2 Ldap Enumeration (ldapdomaindump)1 Ldap Enumeration (ldapsearch)1 LFI to RCE - Log Poisoning1 Library Hijacking1 LinPeas Recon - Enumeration1 Local3 Local File Inclusion (LFI)3 Low-level logic flaw1 Lsass Dump Analysis (Pypykatz)1 LXC Exploitation1 Macro Inspection With Olevba1 Maltrail 0.53 Exploitation1 Manipulating the WebSocket handshake to exploit vulnerabilities1 Manipulating WebSocket messages to exploit vulnerabilities1 Method-based access control can be circumvented1 Microsoft SQL Server1 Modifying serialized objects2 Mongo Database Enumeration1 Moodle - Stored XSS1 Moodle Enumeration1 MS11-0461 MS16-0981 MS17-0102 Msfvenom Exploitation1 MSSQL Enumeration (mssqlclient.py)1 MSSQL Hash Net-NTLMv2 Stealing1 Multi-step process with no access control on one step1 MySQL1 Network Printer Abuse1 NFS Enumeration - Showmount1 Nmap SUID1 NodeJS1 NodeJS Deserialization Attack (IIFE Abusing)1 NoSQL Injection (Authentication Bypass)1 NoSQLI4 NTDS Credentials Extraction (secretsdump)1 Nunjucks1 Obtaining credentials stored in memory using Mimikatz1 Obtaining the TeamViewer password1 Offline password cracking1 Oracle Database5 OS Command Injection5 OS command injection, simple case1 PassTheCert with Schannel against LDAP(S) - Use PassTheCert to gain Administrator shell via Schannel authentication over LDAP(S)1 PassTheHash1 PassTheHash (Psexec)2 Password brute-force via password change1 Password Guessing1 Password reset broken logic1 Password reset poisoning via middleware1 Password Reuse1 Path 
Traversal6 PHP 8.1.0-dev1 Pivoting1 Playing with hashcat rules in order to create passwords1 PostgreSQL10 PostgreSQL Injection (RCE)1 PrintNightmare1 PwnKit CVE-2021-4034 Exploitation [Privilege Escalation]1 Python1 Pywerview Usage1 Reading the user's Powershell history1 Referer-based access control1 Reflected DOM XSS1 Reflected XSS in canonical link tag1 Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped1 Reflected XSS into a JavaScript string with angle brackets HTML encoded1 Reflected XSS into a JavaScript string with single quote and backslash escaped1 Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped1 Reflected XSS into attribute with angle brackets HTML-encoded1 Reflected XSS into HTML context with all tags blocked except custom ones1 Reflected XSS into HTML context with most tags and attributes blocked1 Reflected XSS into HTML context with nothing encoded1 Reflected XSS with some SVG markup allowed1 Remote Code Execution via File Upload1 Remote code execution via polyglot web shell upload1 Remote code execution via web shell upload1 Remote Port Forwarding1 Representing and visualizing data in BloodHound1 Requests-baskets 1.2.1 Exploitation1 Resource Based Constrained Delegation Attack - Creating a Computer Object (impacket-addcomputer)1 Resource Based Constrained Delegation Attack - Getting the impersonated service ticket (getST.py)1 Resource Based Constrained Delegation Attack - rbcd.py1 Restricted Shell Bypass1 Robocopy Usage1 RPC Enumeration3 SameSite Lax bypass via cookie refresh1 SameSite Lax bypass via method override1 SameSite Strict bypass via client-side redirect1 SameSite Strict bypass via sibling domain1 Scanning non-standard data structures1 SCF Malicious File1 Searchor Exploitation (Command Injection) [RCE] (CVE-2023-43364)1 SeBackupPrivilege Exploitation1 SeImpersonatePrivilege2 Server Side Request Forgery 
(SSRF)1 Server-side template injection in an unknown language with a documented exploit1 Server-side template injection using documentation1 Server-side template injection with information disclosure via user-supplied objects1 Service Configuration Manipulation1 Setting breakpoints and getting an LDAP password in clear text (DNSpy)1 SharpHound + BloodHound Enumeration1 SharpHound.exe1 Shell Over WinRM1 ShellShock Attack1 SMB Enumeration9 SMB Enumeration - CrackMapExec1 SNMP Enumeration1 Source code disclosure via backup files1 SQL (Into Outfile)1 SQL injection attack, listing the database contents on non-Oracle databases1 SQL injection attack, listing the database contents on Oracle1 SQL injection attack, querying the database type and version on MySQL and Microsoft1 SQL injection attack, querying the database type and version on Oracle1 SQL Injection Blind (SQLI Blind)1 SQL injection UNION attack, determining the number of columns returned by the query1 SQL injection UNION attack, finding a column containing text1 SQL injection UNION attack, retrieving data from other tables1 SQL injection UNION attack, retrieving multiple values in a single column1 SQL injection vulnerability allowing login bypass1 SQL injection vulnerability in WHERE clause allowing retrieval of hidden data1 SQL injection with filter bypass via XML encoding1 SQLI (Blind Time Based)1 SQLI (Conditional Error)1 SQLI (Conditional Response)1 SQLI (Error Based)14 SQLI (Out Of Band)2 SQLI (Read Files)1 SQLI (SQL Injection)1 SQLI (Time Based)1 SSH Bruteforce1 SSRF5 SSRF with filter bypass via open redirection vulnerability1 SSTI5 SSTI (Server Side Template Injection)3 Stealing a teacher's session cookie1 Steganography Challenge (Steghide)1 Stored DOM XSS1 Stored XSS into anchor href attribute with double quotes HTML-encoded1 Stored XSS into HTML context with nothing encoded1 Stored XSS into onclick event with angle brackets and double quotes HTML-encoded and single quotes and backslash escaped1 Strapi1 
Subdomain Enumeration2 System Enumeration1 ThemeBleed (Windows 11 Themes Vulnerability)1 Triple Z Exploit1 Unprotected admin functionality1 Unprotected admin functionality with unpredictable URL1 Uploading malicious CFM shell1 URL-based access control can be circumvented1 User Enumeration - RID Cycling Attack (Netexec)1 User ID controlled by request parameter1 User ID controlled by request parameter with data leakage in redirect1 User ID controlled by request parameter with password disclosure1 User ID controlled by request parameter, with unpredictable user IDs1 User role can be modified in user profile1 User role controlled by request parameter1 Username enumeration via account lock1 Username enumeration via different responses1 Username enumeration via response timing1 Username enumeration via subtly different responses1 Using .ccache file with wmiexec.py (KRB5CCNAME)1 Using application functionality to exploit insecure deserialization1 Using the ticket to gain Administrator access [Privilege Escalation]1 VHost Brute Force1 Virtual Hosting Enumeration1 Visible error-based SQL injection1 Weak isolation on dual-use endpoint1 Web LLM Attacks2 Web shell upload via Content-Type restriction bypass1 Web shell upload via extension blacklist bypass1 Web shell upload via obfuscated file extension1 Web shell upload via path traversal1 WebSockets3 Windows Exploit Suggester1 Windows Persistence techniques1 Windows Persistence with WMI Events1 Winpeas1 Wordpress1 Wordpress Bruteforce1 WordPress Enumeration1 Wordpress Enumeration1 Wordpress Exploitation1 Wordpress Plugin1 XSS24 XXE File Read1 XXE Injection8