Security Training Share
Enumdb is a brute force and post exploitation tool for MySQL and MSSQL databases. When provided a list of usernames and/or passwords, it will cycle through each targeted host looking for valid credentials. By...
Bashark Bashark aids pentesters and security researchers during the post-exploitation phase of security audits. Features Single Bash script Lightweight and fast Multi-platform: Unix, OSX, Solaris etc. No external dependencies Immune to heuristic and behavioral...
LogRM LogRM is a post-exploitation powershell script which it uses windows event logs to gather information about the internal network in a penetration testing engagement. It is not only useful for blue teams but...
RID Hijacking: Maintaining Access on Windows Machines The RID Hijacking hook, applicable to all Windows versions, allows setting desired privileges to an existent account in a stealthy manner by modifying some security attributes of a user....
ACLight A script for an advanced discovery of Privileged Accounts – includes Shadow Admins. The tool was published as part of the “Shadow Admins” research – more details on “Shadow Admins” are in the...
tactical-exploitation I’ve always been a big proponent of a tactical approach to penetration testing that does not focus on exploiting known software vulnerabilities but relies on old-school techniques such as information gathering and brute...
Tokenvator A tool to elevate privilege with Windows Tokens This tool has two methods of operation – interactive and argument modes Interactive Mode: C:> tokenvator.exe (Tokens) > steal_token 908 cmd.exe (Tokens) > Arguments Mode:...
Inveigh is a PowerShell LLMNR/mDNS/NBNS spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system. Included In PowerShell Empire – https://github.com/PowerShellEmpire/Empire PS>Attack – https://github.com/jaredhaight/psattack p0wnedShell – https://github.com/Cn33liz/p0wnedShell PowerUpSQL – https://github.com/NetSPI/PowerUpSQL...
Mimikatz is an open source gadget written in C, launched in April 2014. It is very powerful, support from the Windows system memory to extract clear text password, hash, PIN code and Kerberos credentials,...
p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment (.NET). It has a lot of offensive...
MIDA-Multitool – Bash script purposed for system enumeration, vulnerability identification, and privilege escalation.MIDA Multitool draws functionality from several of my previous scripts namely SysEnum and RootHelper and is in many regards RootHelpers successor. Besides functionality from these two previous...
ibombshell – Dynamic Remote Shell ibombshell is a tool written in Powershell that allows you to have a prompt at any time with post-exploitation functionalities (and in some cases exploitation). It is a shell that...
BloodHound.py BloodHound.py is a Python-based ingestor for BloodHound, based on Impacket. This tool is currently in Beta and should not be considered feature-complete or fully stable. Limitations BloodHound.py currently has the following limitations: Currently only single...
LinEnum – Scripted Local Linux Enumeration & Privilege Escalation Checks For more information visit www.rebootuser.com Note: Export functionality is currently in the experimental stage. High-level summary of the checks/tasks performed by LinEnum: Kernel and distribution release...
