Resources

General Exploitation

Reverse Shell generator

Generates reverse shells in a plethora of languages. https://www.revshells.com/

---

CrackStation

A password dehasher that isn't good in the wild, but great for a super low hanging fruit. https://crackstation.net/

---

Bloodhound CheatSheet

Useful Bloodhound queries. https://hausec.com/2019/09/09/bloodhound-cypher-cheatsheet/

---

Exploit Searching

• NIST CVE List

• ExploitDB

• MITRE CVE List

• MITRE CWE List

• OWASP Top Ten

• Microsoft CVE List

• Linux Kernal CVEs

Auto Enum Tools

• LinPeas: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS

• LinEnum: https://github.com/rebootuser/LinEnum

• LES (Linux Exploit Suggester): https://github.com/mzet-/linux-exploit-suggester

• Linux Smart Enumeration: https://github.com/diego-treitos/linux-smart-enumeration

• Linux Priv Checker: https://github.com/linted/linuxprivchecker

Windows AD

READ ME. THIS IS IMPORTANT. This list is copied from a discord Resource section. Proceed with caution, as I have not vetted this list. Still, it may be useful and I didn't want to lose the post, so I copied it here:

• https://github.com/alphaSeclab/windows-security/blob/master/Readme_en.md

• https://book.hacktricks.xyz/windows/active-directory-methodology

• https://zer1t0.gitlab.io/posts/attacking_ad/

• https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/

• https://www.tarlogic.com/en/blog/how-kerberos-works/

• https://www.tarlogic.com/en/blog/how-to-attack-kerberos/

• https://book.hacktricks.xyz/windows/active-directory-methodology

• https://zer1t0.gitlab.io/posts/attacking_ad/

• https://m0chan.github.io/2019/07/30/Windows-Notes-and-Cheatsheet.html

• https://www.silicon.fr/zerologon-faille-critique-active-directory-346780.html

• https://github.com/GhostPack/Certify

• https://posts.specterops.io/shadow-credentials-abusing-key-trust-account-mapping-for-takeover-8ee1a53566ab

• https://github.com/tiyeuse/Active-Directory-Cheatsheet/

• https://hideandsec.sh/books/cheatsheets-82c/page/active-directory

• https://github.com/fuzz-security/Active-Directory-Exploitation-Cheat-Sheet

• https://www.praetorian.com/blog/how-to-exploit-active-directory-acl-attack-paths-through-ldap-relaying-attacks/

• https://www.infosecmatter.com/top-16-active-directory-vulnerabilities/

• https://hausec.com/2019/03/12/penetration-testing-active-directory-part-ii/

• http://www.harmj0y.net/blog/redteaming/a-guide-to-attacking-domain-trusts/

• http://theredwindows.net/index.php/2021/02/12/exploitation-dacl-en-active-directory/

• https://dirkjanm.io/krbrelayx-unconstrained-delegation-abuse-toolkit/

• https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html

Report Writing

• PwnDoc: https://github.com/pwndoc/pwndoc

• PenTestReports: https://pentestreports.com/