VK9 Security
Linux - Exploitation

  • FTP Anonymous login
  • FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Local Privilege Escalation
CVE
  • Vulnerability Shellshock - CVE-2014-6271
  • Apache James Server 2.3.2 - CVE-2015-7611
  • WordPress Plugin: Plainview Activity Monitor - (Authenticated) Command Injection - CVE-2018-15877
  • Subrion CMS 4.2.1 - Arbitrary File Upload (Authenticated) - 2018-19422
  • Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated)
  • ZoneMinder (1.29,1.30) Exploitation (Multiple Vulnerabilities)
  • SaltStack Salt REST API Arbitrary Command Execution (CVE-2020-11651, CVE-2020-11652)
  • OpenSMTPD < 6.6.1 - Remote Code Execution (smtp_mailaddr) - CVE-2020-7247
  • Grafana 8.3.0 - Directory Traversal and Arbitrary File Read - CVE-2021-43798
  • Bludit 3.9.2 - Auth Bruteforce Bypass (CVE-2019-17240)

Windows - Exploitation

  • LLMNR / NBT-NS Poisoning (Responder tool)
  • Windows Password Hashes
  • Windows XP - Get Hashes (Local)
  • Mount & Extract Password Hashes From VHD Files
  • Connect to Windows Remote Management (WinRM) using Evil WinRM
  • Impacket Remote code execution (RCE) on Windows from Linux
CVE
  • Microsoft Windows - Code Execution (MS08-067) - CVE-2008-4250
  • HFS - Code execution - CVE-2014-6287
  • ColdFusion 8 FCKeditor CurrentFolder directory traversal / File Upload / RCE - CVE-2009-2265
  • PrintNightmare (CVE-2021-1675): Remote code execution in Windows Spooler Service
  • Microsoft IIS ScStoragePathFromUrl function buffer overflow - CVE-2017-7269

Active Directory

  • Windows Local user & local enumeration
  • Domain Enumeration (PowerView & ADRecon)
  • Exploiting GPP SYSVOL (Groups.xml)
  • Enumerating AD users with LDAP
  • Mapping AD relationship using BloodHound
  • Kerberoasting Stealing Service Account (SPN) - Remote
  • Kerberoasting Stealing Service Account (AS-REP) - Remote

Web Application

  • Testing Web application authentication tips
  • Bypass 30X redirect with BurpSuite
  • Server-side HTTP Redirection
  • Exploiting pChart 2.1.3 (Directory traversal & XSS)
  • PhpTax 0.8 - File Manipulation
  • Apache Tomcat Manager .war reverse shell
  • Exploiting WebDAV
  • PHP 8.1.0-dev Backdoor Remote Code Execution (RCE)
Path Traversal (LFI - RFI)
  • Basics of Path Traversal
  • Testing LFI to RCE using auth.log (SSH) poisoning with Mutillidae & BurpSuite
Injection
  • Basics Of SQL Injection
  • Advanced SQL Injection: Union based
  • Blind SQL injection
  • Basic XPath Injection
  • Basic Command injection
  • SMTP Injection attack
File Upload
  • Local file upload - Magic byte change file type
Access Control
  • Access control: Account hijacking with Mutillidae
  • Access control RFI & Reading file function exploitation + reverse shell with Mutillidae and BurpSuite
  • Execution After Redirect (EAR)
Session Management
  • Session Management DVWA
  • Attacking & Securing Session Management
Authentication
  • Testing Web application authentication tips
XXE
  • XML external entity (XXE) injection
  • (XXE) Ladon Framework for Python - XML External Entity Expansion - CVE-2019-1010268
CMS
  • Reverse shell on any CMS
  • LotusCMS 3.0 - 'eval()' Remote Command Execution
  • WordPress Plugin User Role Editor < 4.24 - Privilege Escalation
  • Drupal 7.x Module Services - Remote Code Execution
  • Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
  • Bludit 3.9.2 code execution - Path Traversal (Authenticated) (CVE-2019-16113)

Network

  • SSH Port Forwarding

Social Engineering

  • How to use Veil to create payloads